elb certificates (#118)

elb certificates

Reviewed-by: Tino Schr
             https://github.com/tischrei

examples/elb/create_elb_cert.py

@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""
+Create new ELB server cert
+"""
+import openstack
+
+_PRIVATE_KEY = """-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDrvw+CfkRMtN6I
+KQK+YNKhjdWqUCnTI7YqZLDhZkoIqcvK1F2mjkcoGXOAjCjvGXf/xX35j0dGLgHK
+e3AwNaQDPRWec6DuTqh9kBq9Qy7rUs6Na85wwSN8FG7z9XRuWR9NhEg24nrATUr/
+k5biBtHKiP22xI9nVws+IEoYVGOOjJ2CPt9XszaS/pdN6bQLchPSLOM5WN6BHCVn
+u19RnSKFqCr8AmYx2Aqo30uFTHy1EhvSX8CnRTHNvWl7qciISqiNenXjIZyCe80n
+7VB+LzSbm3HeqMDsM0euq0P5uPty2A6Uuo/TlPWlls6ZhFTP+AQ9H78kPWY9nKjl
+1Ja4K0sbAgMBAAECggEANJ9oceOHkWvKRLCK2T45pjBH4oWUYHoXPq1NQnMX0Yk9
+YWA4K2aVAaF0w9wFgyG3RJOsBBn0efjpE26sY0aF/ucSvVToNmm+eJDDNz4Y6hSI
+4M6QvWCPcDILdk9zFvKz5xTBHec+KVDXjec/BeMpz0D3CWYk8JdgfhStFXM46eeR
+z1KBOq51x+I0VD3Ar4T3hfKG2IViwevC/7kghBw+D1U/c4stHFCXv4JlrhFET2I6
+kquGtV38fMUdWBLRVr0wBB4orm+9rpSlTvbnDuuEJcb8rKvrLkGraUhSTqepQD6M
+lTN4BxY+3NqdnP/SKVBRoXr+gQsLdgPUAhkvTB8f0QKBgQD32mpyweaMZYTqZ8xF
+xOBzjCTGVHNlXMMt8rz9+kJ4krJ77R3L07qf+mo5bsOB2ZybHhTy7+G6QO8TXyrI
+60nbpoFR0eyWy6kdn4NtY/9BCcj13cV1D495zLr2HAveWDVVGJpLorkG5d674dtl
+wD+B5EQIliCVR5GWMeciFGrewwKBgQDzfsU+EXlKAw6KMInyRP/+nWNk0PFir01H
+Q4C/SrTM/Y8bCJ3/pWVAQsxEbQk1pOdWcdzHFf8BRncMA+OUDTxSCHJYiaqL+2pN
+nNB3/bShocMKvDodJxXWMhdM2fMLFMtYCNsjr0DM8Cqvw7oZF8MY6oxM+uWzmI5R
+nWKFMFXMyQKBgQDBK8PnKOSM69qJ7tgwUF827zUCNnOxvniIaTWPJOuFmZ/uIkIk
+yCId6Ue892z82SPLacieBwQA6/bpPDTWXzszLDSCFoC0joqCAf6m1Vbt07iCl5P7
+xmLmZQAaLIW7hzgZ2JD4/hwDGklcWY1rYkic7dFwd8FxV1RKoR4pW4xnjQKBgQDf
+nEbU9kUVg/MhUuwL8fPJxo3VstBKWUS1sjcU9S1Op3h5UhOPBzwRpIZkPGHdwr+0
+MkKXDgsuB6EiBpxDhVgk2Z7w0hQuE0gPWHhWCUaNvLkaLbuMtC0olL2zFOBPB9yp
+zxA4GCSBT/lTioJnstu3EQahVzQFF49zQf6M49OXiQKBgCqOdwZjTH5gBnDSbWMM
+WAFcxEzr5moG4nJzz/5sGqN5IRy1zDd/QkV2KEhjzWFbpGMgbgNTiLmz0BT6hUXl
+/jS27B9AOPsdktyb88+ZuEfG6dYCmPnjBiOUrovbFk5IIAmiMAUT+W9HXN9shH0g
+Ltxv392mcEGwmbfc1YJJfN2B
+-----END PRIVATE KEY-----"""
+
+_CERTIFICATE = """-----BEGIN CERTIFICATE-----
+MIIDADCCAegCCQCUu4mu6VfH/zANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJE
+RTELMAkGA1UEBwwCUEIxDDAKBgNVBAoMA1RTSTEYMBYGA1UEAwwPbXlmYWtlLnRl
+c3QuY29tMB4XDTIwMDkwMTA5Mjc1M1oXDTIxMDkwMTA5Mjc1M1owQjELMAkGA1UE
+BhMCREUxCzAJBgNVBAcMAlBCMQwwCgYDVQQKDANUU0kxGDAWBgNVBAMMD215ZmFr
+ZS50ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOu/D4J+
+REy03ogpAr5g0qGN1apQKdMjtipksOFmSgipy8rUXaaORygZc4CMKO8Zd//FffmP
+R0YuAcp7cDA1pAM9FZ5zoO5OqH2QGr1DLutSzo1rznDBI3wUbvP1dG5ZH02ESDbi
+esBNSv+TluIG0cqI/bbEj2dXCz4gShhUY46MnYI+31ezNpL+l03ptAtyE9Is4zlY
+3oEcJWe7X1GdIoWoKvwCZjHYCqjfS4VMfLUSG9JfwKdFMc29aXupyIhKqI16deMh
+nIJ7zSftUH4vNJubcd6owOwzR66rQ/m4+3LYDpS6j9OU9aWWzpmEVM/4BD0fvyQ9
+Zj2cqOXUlrgrSxsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAcNsm1y3PgC47O7qW
+3X531EiXmXsKuFWrpQeuVgSI/PrtXCn3/Gr1GcFQDA3k5iyDsApohwbyUcpXhA6c
+842r2Flb11tMF7lxHwHGffryBeFbvCNSNYDvN9zA/XQfqpYi4UPPXPyLH0jVD0Ek
+BCqJJFFzkRbUTcvTxCUxNEYpIQC8U4RSyWXg5kTu6302YjmWaNcP3bfL4II/ddI4
+WyGW6tZI2z7GTYPutWljmtfgEto2Y3FimtiGU+P/uB6SxlESzkGEvAfEduGlyxY8
+uslYHnizLvYY6FaAdExE1TpM6YrM3b7aYMgv700CDsBCpFncQUx9tujpQxCmMoHZ
+rNcviQ==
+-----END CERTIFICATE-----"""
+
+openstack.enable_logging(True)
+conn = openstack.connect(cloud='otc')
+
+cert = conn.elb.create_certificate(
+    private_key=_PRIVATE_KEY,
+    certificate=_CERTIFICATE,
+    name="test_certificate"
+)
+print(cert)

examples/elb/find_elb_cert.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""
+List all ELB certs
+"""
+import openstack
+
+openstack.enable_logging(True)
+conn = openstack.connect(cloud='otc')
+
+cert = conn.elb.find_certificate(name_or_id="cert-testServer")
+print(cert)

examples/elb/list_elb_certs.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""
+List all ELB certs
+"""
+import openstack
+
+openstack.enable_logging(True)
+conn = openstack.connect(cloud='otc')
+
+for cert in conn.elb.certificates():
+    print(cert)

otcextensions/sdk/__init__.py

@@ -107,6 +107,10 @@
     'ecs': {
         'service_type': 'ecs',
     },
+    'elb': {
+        'service_type': 'elb',
+        'replace_system': True
+    },
     'identity': {
         'service_type': 'identity',
         'replace_system': True

otcextensions/sdk/elb/elb_service.py

@@ -0,0 +1,22 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from otcextensions.sdk.elb.v2 import _proxy as _proxy_v2
+from openstack import service_description
+
+
+class ElbService(service_description.ServiceDescription):
+    """The identity service."""
+
+    supported_versions = {
+        '2': _proxy_v2.Proxy,
+    }

otcextensions/sdk/elb/v2/_base.py

@@ -0,0 +1,183 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+from openstack import exceptions
+from openstack import resource
+
+
+class Resource(resource.Resource):
+
+    @classmethod
+    def find(cls, session, name_or_id, ignore_missing=True, **params):
+        """Find a resource by its name or id.
+
+        :param session: The session to use for making this request.
+        :type session: :class:`~keystoneauth1.adapter.Adapter`
+        :param name_or_id: This resource's identifier, if needed by
+                           the request. The default is ``None``.
+        :param bool ignore_missing: When set to ``False``
+                    :class:`~openstack.exceptions.ResourceNotFound` will be
+                    raised when the resource does not exist.
+                    When set to ``True``, None will be returned when
+                    attempting to find a nonexistent resource.
+        :param dict params: Any additional parameters to be passed into
+                            underlying methods, such as to
+                            :meth:`~openstack.resource.Resource.existing`
+                            in order to pass on URI parameters.
+
+        :return: The :class:`Resource` object matching the given name or id
+                 or None if nothing matches.
+        :raises: :class:`openstack.exceptions.DuplicateResource` if more
+                 than one resource is found for this request.
+        :raises: :class:`openstack.exceptions.ResourceNotFound` if nothing
+                 is found and ignore_missing is ``False``.
+        """
+        session = cls._get_session(session)
+        # Try to short-circuit by looking directly for a matching ID.
+        try:
+            match = cls.existing(
+                id=name_or_id,
+                connection=session._get_connection(),
+                **params)
+            return match.fetch(session, **params)
+        except exceptions.SDKException:
+            # ELB will return 400 when we try to do GET with name
+            pass
+
+        if ('name' in cls._query_mapping._mapping.keys()
+                and 'name' not in params):
+            params['name'] = name_or_id
+
+        data = cls.list(session, **params)
+
+        result = cls._get_one_match(name_or_id, data)
+        if result is not None:
+            return result
+
+        if ignore_missing:
+            return None
+        raise exceptions.ResourceNotFound(
+            "No %s found for %s" % (cls.__name__, name_or_id))
+
+    @classmethod
+    def list(cls, session, paginated=True, base_path=None,
+             allow_unknown_params=False, **params):
+        """This method is a generator which yields resource objects.
+
+        This resource object list generator handles pagination and takes query
+        params for response filtering.
+
+        :param session: The session to use for making this request.
+        :type session: :class:`~keystoneauth1.adapter.Adapter`
+        :param bool paginated: ``True`` if a GET to this resource returns
+            a paginated series of responses, or ``False``
+            if a GET returns only one page of data.
+            **When paginated is False only one
+            page of data will be returned regardless
+            of the API's support of pagination.**
+        :param str base_path: Base part of the URI for listing resources, if
+            different from :data:`~openstack.resource.Resource.base_path`.
+        :param bool allow_unknown_params: ``True`` to accept, but discard
+            unknown query parameters. This allows getting list of 'filters' and
+            passing everything known to the server. ``False`` will result in
+            validation exception when unknown query parameters are passed.
+        :param dict params: These keyword arguments are passed through the
+            :meth:`~openstack.resource.QueryParamter._transpose` method
+            to find if any of them match expected query parameters to be
+            sent in the *params* argument to
+            :meth:`~keystoneauth1.adapter.Adapter.get`. They are additionally
+            checked against the
+            :data:`~openstack.resource.Resource.base_path` format string
+            to see if any path fragments need to be filled in by the contents
+            of this argument.
+
+        :return: A generator of :class:`Resource` objects.
+        :raises: :exc:`~openstack.exceptions.MethodNotSupported` if
+                 :data:`Resource.allow_list` is not set to ``True``.
+        :raises: :exc:`~openstack.exceptions.InvalidResourceQuery` if query
+                 contains invalid params.
+        """
+        if not cls.allow_list:
+            raise exceptions.MethodNotSupported(cls, "list")
+
+        if base_path is None:
+            base_path = cls.base_path
+        params = cls._query_mapping._validate(
+            params, base_path=base_path,
+            allow_unknown_params=allow_unknown_params)
+        query_params = cls._query_mapping._transpose(params, cls)
+        uri = base_path % params
+
+        limit = query_params.get('limit', '10')
+
+        # Track the total number of resources yielded so we can paginate
+        # swift objects
+        total_yielded = 0
+        page = 0
+        while uri:
+            # Copy query_params due to weird mock unittest interactions
+            response = session.get(
+                uri,
+                headers={"Accept": "application/json"},
+                params=query_params.copy(),
+            )
+            exceptions.raise_from_response(response)
+            data = response.json()
+
+            # Discard any existing pagination keys
+            query_params.pop('marker', None)
+            query_params.pop('limit', None)
+
+            if cls.resources_key:
+                resources = data[cls.resources_key]
+            else:
+                resources = data
+
+            if not isinstance(resources, list):
+                resources = [resources]
+
+            marker = None
+            for raw_resource in resources:
+                # Do not allow keys called "self" through. Glance chose
+                # to name a key "self", so we need to pop it out because
+                # we can't send it through cls.existing and into the
+                # Resource initializer. "self" is already the first
+                # argument and is practically a reserved word.
+                raw_resource.pop("self", None)
+
+                value = cls.existing(
+                    connection=session._get_connection(),
+                    **raw_resource)
+                marker = value.id
+                yield value
+                total_yielded += 1
+
+            if resources and paginated:
+                page += 1
+                uri, next_params = cls._get_next_link(
+                    uri, response, data, marker, limit, total_yielded, page)
+                query_params.update(next_params)
+            else:
+                return
+
+    @classmethod
+    def _get_next_link(cls, uri, response, data, marker, limit, total_yielded,
+                       page):
+        next_link = None
+        params = {}
+        if total_yielded < data['instance_num']:
+            next_link = uri
+            params['offset'] = page
+            params['limit'] = limit
+        else:
+            next_link = None
+        query_params = cls._query_mapping._transpose(params, cls)
+        return next_link, query_params