2 files changed, 182 insertions, 0 deletions

diff --git a/nova/api/openstack/compute/plugins/v3/certificates.py b/nova/api/openstack/compute/plugins/v3/certificates.py
new file mode 100644
index 000000000..64a6e26fe
--- /dev/null
+++ b/nova/api/openstack/compute/plugins/v3/certificates.py
@@ -0,0 +1,105 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 OpenStack Foundation
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License
+
+import webob.exc
+
+from nova.api.openstack import extensions
+from nova.api.openstack import wsgi
+from nova.api.openstack import xmlutil
+import nova.cert.rpcapi
+from nova import network
+
+authorize = extensions.extension_authorizer('compute', 'certificates')
+
+
+def make_certificate(elem):
+    elem.set('data')
+    elem.set('private_key')
+
+
+class CertificateTemplate(xmlutil.TemplateBuilder):
+    def construct(self):
+        root = xmlutil.TemplateElement('certificate',
+                                       selector='certificate')
+        make_certificate(root)
+        return xmlutil.MasterTemplate(root, 1)
+
+
+class CertificatesTemplate(xmlutil.TemplateBuilder):
+    def construct(self):
+        root = xmlutil.TemplateElement('certificates')
+        elem = xmlutil.SubTemplateElement(root, 'certificate',
+                                          selector='certificates')
+        make_certificate(elem)
+        return xmlutil.MasterTemplate(root, 1)
+
+
+def _translate_certificate_view(certificate, private_key=None):
+    return {
+        'data': certificate,
+        'private_key': private_key,
+    }
+
+
+class CertificatesController(object):
+    """The x509 Certificates API controller for the OpenStack API."""
+
+    def __init__(self):
+        self.network_api = network.API()
+        self.cert_rpcapi = nova.cert.rpcapi.CertAPI()
+        super(CertificatesController, self).__init__()
+
+    @wsgi.serializers(xml=CertificateTemplate)
+    def show(self, req, id):
+        """Return a list of certificates."""
+        context = req.environ['nova.context']
+        authorize(context)
+        if id != 'root':
+            msg = _("Only root certificate can be retrieved.")
+            raise webob.exc.HTTPNotImplemented(explanation=msg)
+        cert = self.cert_rpcapi.fetch_ca(context,
+                project_id=context.project_id)
+        return {'certificate': _translate_certificate_view(cert)}
+
+    @wsgi.serializers(xml=CertificateTemplate)
+    def create(self, req, body=None):
+        """Return a list of certificates."""
+        context = req.environ['nova.context']
+        authorize(context)
+        pk, cert = self.cert_rpcapi.generate_x509_cert(context,
+                user_id=context.user_id, project_id=context.project_id)
+        context = req.environ['nova.context']
+        return {'certificate': _translate_certificate_view(cert, pk)}
+
+
+class Certificates(extensions.ExtensionDescriptor):
+    """Certificates support."""
+
+    name = "Certificates"
+    alias = "os-certificates"
+    namespace = ("http://docs.openstack.org/compute/ext/"
+                 "certificates/api/v1.1")
+    updated = "2012-01-19T00:00:00+00:00"
+
+    def get_resources(self):
+        resources = []
+
+        res = extensions.ResourceExtension('os-certificates',
+                         CertificatesController(),
+                         member_actions={})
+        resources.append(res)
+
+        return resources
diff --git a/nova/tests/api/openstack/compute/plugins/v3/test_certificates.py b/nova/tests/api/openstack/compute/plugins/v3/test_certificates.py
new file mode 100644
index 000000000..df5a7e9a1
--- /dev/null
+++ b/nova/tests/api/openstack/compute/plugins/v3/test_certificates.py
@@ -0,0 +1,77 @@
+# Copyright (c) 2012 OpenStack Foundation
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from lxml import etree
+
+from nova.api.openstack.compute.contrib import certificates
+from nova import context
+from nova.openstack.common import rpc
+from nova import test
+from nova.tests.api.openstack import fakes
+
+
+def fake_get_root_cert(context, *args, **kwargs):
+    return 'fakeroot'
+
+
+def fake_create_cert(context, *args, **kwargs):
+    return 'fakepk', 'fakecert'
+
+
+class CertificatesTest(test.TestCase):
+    def setUp(self):
+        super(CertificatesTest, self).setUp()
+        self.context = context.RequestContext('fake', 'fake')
+        self.controller = certificates.CertificatesController()
+
+    def test_translate_certificate_view(self):
+        pk, cert = fake_create_cert(self.context)
+        view = certificates._translate_certificate_view(cert, pk)
+        self.assertEqual(view['data'], cert)
+        self.assertEqual(view['private_key'], pk)
+
+    def test_certificates_show_root(self):
+        self.stubs.Set(rpc, 'call', fake_get_root_cert)
+        req = fakes.HTTPRequest.blank('/v2/fake/os-certificates/root')
+        res_dict = self.controller.show(req, 'root')
+
+        cert = fake_get_root_cert(self.context)
+        response = {'certificate': {'data': cert, 'private_key': None}}
+        self.assertEqual(res_dict, response)
+
+    def test_certificates_create_certificate(self):
+        self.stubs.Set(rpc, 'call', fake_create_cert)
+        req = fakes.HTTPRequest.blank('/v2/fake/os-certificates/')
+        res_dict = self.controller.create(req)
+
+        pk, cert = fake_create_cert(self.context)
+        response = {'certificate': {'data': cert, 'private_key': pk}}
+        self.assertEqual(res_dict, response)
+
+
+class CertificatesSerializerTest(test.TestCase):
+    def test_index_serializer(self):
+        serializer = certificates.CertificateTemplate()
+        text = serializer.serialize(dict(
+                certificate=dict(
+                    data='fakecert',
+                    private_key='fakepk'),
+                ))
+
+        tree = etree.fromstring(text)
+
+        self.assertEqual('certificate', tree.tag)
+        self.assertEqual('fakepk', tree.get('private_key'))
+        self.assertEqual('fakecert', tree.get('data'))