Implement VDC keystore service (#41)

* Implement VDC keystore service including a sample key and certificate

* Show VDC keystore as supported in readme file

* Add warning to VDC keystore update method

Author: adrianmo

README.rst

@@ -195,7 +195,7 @@ The following table shows the supported endpoints per API version.
 +--------------------------+---------+---------+
 | Virtual Data Center      |    ✓    |    ✓    |
 +--------------------------+---------+---------+
-| VDC Keystore             |    ✗    |    ✗    |
+| VDC Keystore             |    ✓    |    ✓    |
 +--------------------------+---------+---------+
 | **Support**                                  |
 +--------------------------+---------+---------+

ecsclient/common/provisioning/vdc_keystore.py

@@ -0,0 +1,58 @@
+import logging
+
+log = logging.getLogger(__name__)
+
+
+class VdcKeystore(object):
+    def __init__(self, connection):
+        """
+        Initialize a new instance
+        """
+        self.conn = connection
+
+    def get(self):
+        """
+        Get the certificate chain being used by ECS.
+
+        Required role(s):
+
+        This call has no restrictions.
+
+        Example JSON result from the API:
+
+        {
+            "chain": "-----BEGIN CERTIFICATE-----\nMIIDBjCCAe4..."
+        }
+        """
+        log.info("Getting the certificate chain")
+        return self.conn.get('vdc/keystore')
+
+    def set(self, private_key, certificate_chain):
+        """
+        Set the private key and certificate chain being used by ECS.
+        WARNING: Note that the certificate will not be updated until ECS is
+        restarted. Restarting ECS is out of the scope of this library.
+
+        Required role(s):
+
+        SYSTEM_ADMIN
+
+        Example JSON result from the API:
+
+        {
+            "chain": "-----BEGIN CERTIFICATE-----\nMIIDBjCCAe4..."
+        }
+
+        :param private_key: The private key to be set
+        :param certificate_chain: The certificate chain to be set
+        """
+        payload = {
+          "key_and_certificate": {
+            "private_key": private_key,
+            "certificate_chain": certificate_chain
+          }
+        }
+
+        log.info("Setting the private key and certificate chain (ECS must be "
+                 "restarted for this change to take effect)")
+        return self.conn.put('vdc/keystore', json_payload=payload)

ecsclient/schemas.py

@@ -786,3 +786,13 @@
         "groups_list"
     ]
 }
+
+VDC_KEYSTORE = {
+    "type": "object",
+    "properties": {
+        "chain": {"type": "string"}
+    },
+    "required": [
+        "chain"
+    ]
+}

ecsclient/v2/client.py

@@ -5,7 +5,8 @@
 from ecsclient.v2.configuration import certificate, configuration_properties, licensing
 from ecsclient.v2.configuration import feature
 from ecsclient.v2.geo_replication import replication_group, temporary_failed_zone
-from ecsclient.v2.provisioning import base_url, bucket, data_store, storage_pool, virtual_data_center, node
+from ecsclient.v2.provisioning import base_url, bucket, data_store, storage_pool, virtual_data_center, node, \
+    vdc_keystore
 from ecsclient.v2.metering import billing
 from ecsclient.v2.monitoring import capacity, dashboard, events
 from ecsclient.v2.multitenancy import namespace
@@ -61,7 +62,7 @@ def __init__(self, *args, **kwargs):
         self.node = node.Node(self)
         self.storage_pool = storage_pool.StoragePool(self)
         self.vdc = virtual_data_center.VirtualDataCenter(self)
-        # TODO: vdc_keystore = vdc_keystore.VdcKeystore(self)
+        self.vdc_keystore = vdc_keystore.VdcKeystore(self)
 
         # Support
         # TODO: self.call_home = call_home.CallHome(self)

ecsclient/v2/provisioning/__init__.py

@@ -1,8 +1,10 @@
-from ecsclient.common.provisioning import base_url, bucket, data_store, storage_pool, virtual_data_center, node
+from ecsclient.common.provisioning import base_url, bucket, data_store, storage_pool, virtual_data_center, node, \
+    vdc_keystore
 
 base_url = base_url
 bucket = bucket
 data_store = data_store
 storage_pool = storage_pool
 virtual_data_center = virtual_data_center
 node = node
+vdc_keystore = vdc_keystore

ecsclient/v3/client.py

@@ -8,8 +8,8 @@
 from ecsclient.v3.monitoring import capacity, dashboard, events
 from ecsclient.v3.multitenancy import namespace
 from ecsclient.v3.geo_replication import replication_group, temporary_failed_zone
-from ecsclient.v2.provisioning import base_url, bucket, data_store, storage_pool, \
-    virtual_data_center, node
+from ecsclient.v3.provisioning import base_url, bucket, data_store, storage_pool, \
+    virtual_data_center, node, vdc_keystore
 from ecsclient.v3.user_management import authentication_provider, management_user, \
     object_user, secret_key, password_group
 from ecsclient.v3.other import user_info
@@ -64,7 +64,7 @@ def __init__(self, *args, **kwargs):
         self.node = node.Node(self)
         self.storage_pool = storage_pool.StoragePool(self)
         self.vdc = virtual_data_center.VirtualDataCenter(self)
-        # TODO: vdc_keystore = vdc_keystore.VdcKeystore(self)
+        self.vdc_keystore = vdc_keystore.VdcKeystore(self)
 
         # Support
         # TODO: self.call_home = call_home.CallHome(self)

ecsclient/v3/provisioning/__init__.py

@@ -1,7 +1,8 @@
-from ecsclient.common.provisioning import base_url, bucket, data_store, storage_pool, virtual_data_center
+from ecsclient.common.provisioning import base_url, bucket, data_store, storage_pool, virtual_data_center, vdc_keystore
 
 base_url = base_url
 bucket = bucket
 data_store = data_store
 storage_pool = storage_pool
 virtual_data_center = virtual_data_center
+vdc_keystore = vdc_keystore

tests/functional/__init__.py

@@ -16,7 +16,7 @@ def __init__(self, *args, **kwargs):
 
     def _get_config(self):
         config_file = os.environ.get('ECS_TEST_CONFIG_FILE',
-                                     '/home/ubuntu/src/test.conf')
+                                     os.path.join(os.getcwd(), "tests/test.conf"))
         config = configparser.ConfigParser()
         config.read(config_file)
         self.config = config

tests/functional/test_vdc_keystore.py

@@ -0,0 +1,19 @@
+from ecsclient import schemas
+from tests import functional
+from tests.functional import helper
+
+
+class TestVdcKeystore(functional.BaseTestCase):
+
+    def test_vdc_keystore_get(self):
+        response = self.client.vdc_keystore.get()
+        self.assertValidSchema(response, schemas.VDC_KEYSTORE)
+
+    def test_vdc_keystore_set(self):
+        private_key = helper.get_sample_private_key()
+        certificate = helper.get_sample_certificate()
+        response = self.client.vdc_keystore.set(private_key, certificate)
+        self.assertValidSchema(response, schemas.VDC_KEYSTORE)
+        # Can't validate the certificate and private key at this point
+        # because it does not take effect until the ECS is manually restarted
+        # self.assertSameCertificate(certificate, response['chain'])

tests/sample.conf

@@ -6,4 +6,4 @@ ecs_endpoint = https://10.0.1.1:4443
 username = root
 password = ChangeMe
 api_version = 3
-license_file = /home/user/license.lic
+license_file = /home/user/license.lic