Port certificates API to v3 Part 1

This changeset only copies the v2 files (implementation and test)
into the appropriate v3 directories unchanged. The copy as-is
will not be loaded by either the v2 or v3 extension loaders. The
second changeset will then make the changes required for it to
work as a v3 extension.

This is being done in order to make reviewing of extension porting
easier as gerrit will display only what is actually changed for v3
rather than entirely new files

Partially implements blueprint nova-v3-api

Change-Id: Ibdb3b444432fa707786e6bb43aaba61d2a3fc89f

2 files changed, 182 insertions, 0 deletions

diff --git a/nova/api/openstack/compute/plugins/v3/certificates.py b/nova/api/openstack/compute/plugins/v3/certificates.py
new file mode 100644
index 000000000..64a6e26fe
--- /dev/null
+++ b/nova/api/openstack/compute/plugins/v3/certificates.py
@@ -0,0 +1,105 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 OpenStack Foundation
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License
+
+import webob.exc
+
+from nova.api.openstack import extensions
+from nova.api.openstack import wsgi
+from nova.api.openstack import xmlutil
+import nova.cert.rpcapi
+from nova import network
+
+authorize = extensions.extension_authorizer('compute', 'certificates')
+
+
+def make_certificate(elem):
+    elem.set('data')
+    elem.set('private_key')
+
+
+class CertificateTemplate(xmlutil.TemplateBuilder):
+    def construct(self):
+        root = xmlutil.TemplateElement('certificate',
+                                       selector='certificate')
+        make_certificate(root)
+        return xmlutil.MasterTemplate(root, 1)
+
+
+class CertificatesTemplate(xmlutil.TemplateBuilder):
+    def construct(self):
+        root = xmlutil.TemplateElement('certificates')
+        elem = xmlutil.SubTemplateElement(root, 'certificate',
+                                          selector='certificates')
+        make_certificate(elem)
+        return xmlutil.MasterTemplate(root, 1)
+
+
+def _translate_certificate_view(certificate, private_key=None):
+    return {
+        'data': certificate,
+        'private_key': private_key,
+    }
+
+
+class CertificatesController(object):
+    """The x509 Certificates API controller for the OpenStack API."""
+
+    def __init__(self):
+        self.network_api = network.API()
+        self.cert_rpcapi = nova.cert.rpcapi.CertAPI()
+        super(CertificatesController, self).__init__()
+
+    @wsgi.serializers(xml=CertificateTemplate)
+    def show(self, req, id):
+        """Return a list of certificates."""
+        context = req.environ['nova.context']
+        authorize(context)
+        if id != 'root':
+            msg = _("Only root certificate can be retrieved.")
+            raise webob.exc.HTTPNotImplemented(explanation=msg)
+        cert = self.cert_rpcapi.fetch_ca(context,
+                project_id=context.project_id)
+        return {'certificate': _translate_certificate_view(cert)}
+
+    @wsgi.serializers(xml=CertificateTemplate)
+    def create(self, req, body=None):
+        """Return a list of certificates."""
+        context = req.environ['nova.context']
+        authorize(context)
+        pk, cert = self.cert_rpcapi.generate_x509_cert(context,
+                user_id=context.user_id, project_id=context.project_id)
+        context = req.environ['nova.context']
+        return {'certificate': _translate_certificate_view(cert, pk)}
+
+
+class Certificates(extensions.ExtensionDescriptor):
+    """Certificates support."""
+
+    name = "Certificates"
+    alias = "os-certificates"
+    namespace = ("http://docs.openstack.org/compute/ext/"
+                 "certificates/api/v1.1")
+    updated = "2012-01-19T00:00:00+00:00"
+
+    def get_resources(self):
+        resources = []
+
+        res = extensions.ResourceExtension('os-certificates',
+                         CertificatesController(),
+                         member_actions={})
+        resources.append(res)
+
+        return resources
diff --git a/nova/tests/api/openstack/compute/plugins/v3/test_certificates.py b/nova/tests/api/openstack/compute/plugins/v3/test_certificates.py
new file mode 100644
index 000000000..df5a7e9a1
--- /dev/null
+++ b/nova/tests/api/openstack/compute/plugins/v3/test_certificates.py
@@ -0,0 +1,77 @@
+# Copyright (c) 2012 OpenStack Foundation
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from lxml import etree
+
+from nova.api.openstack.compute.contrib import certificates
+from nova import context
+from nova.openstack.common import rpc
+from nova import test
+from nova.tests.api.openstack import fakes
+
+
+def fake_get_root_cert(context, *args, **kwargs):
+    return 'fakeroot'
+
+
+def fake_create_cert(context, *args, **kwargs):
+    return 'fakepk', 'fakecert'
+
+
+class CertificatesTest(test.TestCase):
+    def setUp(self):
+        super(CertificatesTest, self).setUp()
+        self.context = context.RequestContext('fake', 'fake')
+        self.controller = certificates.CertificatesController()
+
+    def test_translate_certificate_view(self):
+        pk, cert = fake_create_cert(self.context)
+        view = certificates._translate_certificate_view(cert, pk)
+        self.assertEqual(view['data'], cert)
+        self.assertEqual(view['private_key'], pk)
+
+    def test_certificates_show_root(self):
+        self.stubs.Set(rpc, 'call', fake_get_root_cert)
+        req = fakes.HTTPRequest.blank('/v2/fake/os-certificates/root')
+        res_dict = self.controller.show(req, 'root')
+
+        cert = fake_get_root_cert(self.context)
+        response = {'certificate': {'data': cert, 'private_key': None}}
+        self.assertEqual(res_dict, response)
+
+    def test_certificates_create_certificate(self):
+        self.stubs.Set(rpc, 'call', fake_create_cert)
+        req = fakes.HTTPRequest.blank('/v2/fake/os-certificates/')
+        res_dict = self.controller.create(req)
+
+        pk, cert = fake_create_cert(self.context)
+        response = {'certificate': {'data': cert, 'private_key': pk}}
+        self.assertEqual(res_dict, response)
+
+
+class CertificatesSerializerTest(test.TestCase):
+    def test_index_serializer(self):
+        serializer = certificates.CertificateTemplate()
+        text = serializer.serialize(dict(
+                certificate=dict(
+                    data='fakecert',
+                    private_key='fakepk'),
+                ))
+
+        tree = etree.fromstring(text)
+
+        self.assertEqual('certificate', tree.tag)
+        self.assertEqual('fakepk', tree.get('private_key'))
+        self.assertEqual('fakecert', tree.get('data'))