Change bay.*_cert_uuid to bay.*_cert_ref

We decided to use barbican to store certs, and uuid of certs are stored to bay. But Barbican doesn't return uuid, it returns URI. So we should modify db table to store uri. Change-Id: I5c6baf43b35df9a1134fce4fbc581d7642fa8e84 Closes-Bug: #1489707 Partial-Implements: blueprint magnum-as-a-ca
2015-08-28 13:27:48 +09:00 · 2015-08-28 13:27:48 +09:00 · 7a51a250f6
parent c084eb20a2
commit 7a51a250f6
6 changed files with 53 additions and 9 deletions
--- a/magnum/api/controllers/v1/bay.py
+++ b/magnum/api/controllers/v1/bay.py
@ -41,7 +41,7 @@ class BayPatchType(types.JsonPatchType):
    def internal_attrs():
        internal_attrs = ['/api_address', '/node_addresses',
                          '/master_addresses', '/stack_id',
-                          '/ca_cert_uuid', '/magnum_cert_uuid']
+                          '/ca_cert_ref', '/magnum_cert_ref']
        return types.JsonPatchType.internal_attrs() + internal_attrs


--- a/magnum/db/sqlalchemy/alembic/versions/5518af8dbc21_rename_cert_uuid.py
+++ b/magnum/db/sqlalchemy/alembic/versions/5518af8dbc21_rename_cert_uuid.py
@ -0,0 +1,38 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+"""Rename cert_uuid
+
+Revision ID: 5518af8dbc21
+Revises: 6f21dc920bb
+Create Date: 2015-08-28 13:13:19.747625
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '5518af8dbc21'
+down_revision = '6f21dc920bb'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+    op.alter_column('bay', 'ca_cert_uuid',
+                    new_column_name='ca_cert_ref',
+                    existing_type=sa.String(length=36),
+                    type_=sa.String(length=512),
+                    nullable=True)
+    op.alter_column('bay', 'magnum_cert_uuid',
+                    new_column_name='magnum_cert_ref',
+                    existing_type=sa.String(length=36),
+                    type_=sa.String(length=512),
+                    nullable=True)
--- a/magnum/db/sqlalchemy/models.py
+++ b/magnum/db/sqlalchemy/models.py
@ -117,8 +117,14 @@ class Bay(Base):
    status_reason = Column(Text)
    discovery_url = Column(String(255))
    master_addresses = Column(JSONEncodedList)
-    ca_cert_uuid = Column(String(36))
-    magnum_cert_uuid = Column(String(36))
+    # (yuanying) if we use barbican,
+    # cert_ref size is determined by below format
+    # * http(s)://${DOMAIN_NAME}/v1/containers/${UUID}
+    # as a result, cert_ref length is estimated to 312 chars.
+    # but we can use another backend to store certs.
+    # so, we use 512 chars to get some buffer.
+    ca_cert_ref = Column(String(512))
+    magnum_cert_ref = Column(String(512))


 class BayLock(Base):
--- a/magnum/objects/bay.py
+++ b/magnum/objects/bay.py
@ -46,8 +46,8 @@ class Bay(base.MagnumPersistentObject, base.MagnumObject,
        'master_count': fields.IntegerField(nullable=True),
        'discovery_url': fields.StringField(nullable=True),
        'master_addresses': fields.ListOfStringsField(nullable=True),
-        'ca_cert_uuid': fields.StringField(nullable=True),
-        'magnum_cert_uuid': fields.StringField(nullable=True),
+        'ca_cert_ref': fields.StringField(nullable=True),
+        'magnum_cert_ref': fields.StringField(nullable=True),
    }

    @staticmethod
--- a/magnum/tests/unit/conductor/handlers/test_bay_conductor.py
+++ b/magnum/tests/unit/conductor/handlers/test_bay_conductor.py
@ -58,8 +58,8 @@ class TestBayConductorWithK8s(base.TestCase):
            'master_count': 1,
            'discovery_url': 'https://discovery.etcd.io/test',
            'master_addresses': ['172.17.2.18'],
-            'ca_cert_uuid': 'xx-xx-xx-xx',
-            'magnum_cert_uuid': 'xx-xx-xx-xx',
+            'ca_cert_ref': 'http://barbican/v1/containers/xx-xx-xx-xx',
+            'magnum_cert_ref': 'http://barbican/v1/containers/xx-xx-xx-xx',
        }

    @patch('magnum.objects.BayModel.get_by_uuid')
--- a/magnum/tests/unit/db/utils.py
+++ b/magnum/tests/unit/db/utils.py
@ -73,8 +73,8 @@ def get_test_bay(**kw):
        'uuid': kw.get('uuid', '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'),
        'name': kw.get('name', 'bay1'),
        'discovery_url': kw.get('discovery_url', None),
-        'ca_cert_uuid': kw.get('ca_cert_uuid', None),
-        'magnum_cert_uuid': kw.get('magnum_cert_uuid', None),
+        'ca_cert_ref': kw.get('ca_cert_ref', None),
+        'magnum_cert_ref': kw.get('magnum_cert_ref', None),
        'project_id': kw.get('project_id', 'fake_project'),
        'user_id': kw.get('user_id', 'fake_user'),
        'baymodel_id': kw.get('baymodel_id',