Add V2 rpc api for cert
Add support for the 2.0 cert rpc API. This commit retains compatibility with the older 1.X API to allow continuous deployment without any downtime. The v2 rev of this API is really simple. It removes the get_backdoor_port() method, which was moved to the base rpc API common to all services in havana. UpgradeImpact - Deployments doing continuous deployment should follow this process to upgrade without any downtime with the consoleauth service: 1) Set [upgrade_levels] cert=havana in your config. 2) Upgrade to this commit. 3) Once everything has been upgraded, remove the entry in [upgrade_levels] so that all rpc clients to the nova-cert service start sending the new 2.0 messages. Part of blueprint rpc-major-version-updates-icehouse Change-Id: Icab0d5f380f43c454c166fa3479dacda74d89a02
This commit is contained in:
parent
5dab438398
commit
25af2fa784
|
@ -37,6 +37,12 @@ class CertManager(manager.Manager):
|
|||
super(CertManager, self).__init__(service_name='cert',
|
||||
*args, **kwargs)
|
||||
|
||||
def create_rpc_dispatcher(self, backdoor_port=None, additional_apis=None):
|
||||
additional_apis = additional_apis or []
|
||||
additional_apis.append(_CertV2Proxy(self))
|
||||
return super(CertManager, self).create_rpc_dispatcher(
|
||||
backdoor_port, additional_apis)
|
||||
|
||||
def init_host(self):
|
||||
crypto.ensure_ca_filesystem()
|
||||
|
||||
|
@ -72,3 +78,33 @@ class CertManager(manager.Manager):
|
|||
# deprecated in favor of the method in the base API.
|
||||
def get_backdoor_port(self, context):
|
||||
return self.backdoor_port
|
||||
|
||||
|
||||
class _CertV2Proxy(object):
|
||||
|
||||
RPC_API_VERSION = '2.0'
|
||||
|
||||
def __init__(self, manager):
|
||||
self.manager = manager
|
||||
|
||||
def revoke_certs_by_user(self, context, user_id):
|
||||
return self.manager.revoke_certs_by_user(context, user_id)
|
||||
|
||||
def revoke_certs_by_project(self, context, project_id):
|
||||
return self.manager.revoke_certs_by_project(context, project_id)
|
||||
|
||||
def revoke_certs_by_user_and_project(self, context, user_id, project_id):
|
||||
return self.manager.revoke_certs_by_user_and_project(context, user_id,
|
||||
project_id)
|
||||
|
||||
def generate_x509_cert(self, context, user_id, project_id):
|
||||
return self.manager.generate_x509_cert(context, user_id, project_id)
|
||||
|
||||
def fetch_ca(self, context, project_id):
|
||||
return self.manager.fetch_ca(context, project_id)
|
||||
|
||||
def fetch_crl(self, context, project_id):
|
||||
return self.manager.fetch_crl(context, project_id)
|
||||
|
||||
def decrypt_text(self, context, project_id, text):
|
||||
return self.manager.decrypt_text(context, project_id, text)
|
||||
|
|
|
@ -47,6 +47,8 @@ class CertAPI(rpcclient.RpcProxy):
|
|||
... Grizzly and Havana support message version 1.1. So, any changes to
|
||||
existing methods in 1.x after that point should be done such that they
|
||||
can handle the version_cap being set to 1.1.
|
||||
|
||||
2.0 - Major API rev for Icehouse
|
||||
'''
|
||||
|
||||
#
|
||||
|
@ -57,7 +59,7 @@ class CertAPI(rpcclient.RpcProxy):
|
|||
# about rpc API versioning, see the docs in
|
||||
# openstack/common/rpc/dispatcher.py.
|
||||
#
|
||||
BASE_RPC_API_VERSION = '1.0'
|
||||
BASE_RPC_API_VERSION = '2.0'
|
||||
|
||||
VERSION_ALIASES = {
|
||||
'grizzly': '1.1',
|
||||
|
@ -73,29 +75,55 @@ class CertAPI(rpcclient.RpcProxy):
|
|||
version_cap=version_cap)
|
||||
self.client = self.get_client()
|
||||
|
||||
def _get_compat_version(self, current, havana_compat):
|
||||
if not self.can_send_version(current):
|
||||
return havana_compat
|
||||
return current
|
||||
|
||||
def revoke_certs_by_user(self, ctxt, user_id):
|
||||
return self.client.call(ctxt, 'revoke_certs_by_user', user_id=user_id)
|
||||
# NOTE(russellb) Havana compat
|
||||
version = self._get_compat_version('2.0', '1.0')
|
||||
cctxt = self.client.prepare(version=version)
|
||||
return cctxt.call(ctxt, 'revoke_certs_by_user', user_id=user_id)
|
||||
|
||||
def revoke_certs_by_project(self, ctxt, project_id):
|
||||
return self.client.call(ctxt, 'revoke_certs_by_project',
|
||||
project_id=project_id)
|
||||
# NOTE(russellb) Havana compat
|
||||
version = self._get_compat_version('2.0', '1.0')
|
||||
cctxt = self.client.prepare(version=version)
|
||||
return cctxt.call(ctxt, 'revoke_certs_by_project',
|
||||
project_id=project_id)
|
||||
|
||||
def revoke_certs_by_user_and_project(self, ctxt, user_id, project_id):
|
||||
return self.client.call(ctxt, 'revoke_certs_by_user_and_project',
|
||||
user_id=user_id, project_id=project_id)
|
||||
# NOTE(russellb) Havana compat
|
||||
version = self._get_compat_version('2.0', '1.0')
|
||||
cctxt = self.client.prepare(version=version)
|
||||
return cctxt.call(ctxt, 'revoke_certs_by_user_and_project',
|
||||
user_id=user_id, project_id=project_id)
|
||||
|
||||
def generate_x509_cert(self, ctxt, user_id, project_id):
|
||||
return self.client.call(ctxt, 'generate_x509_cert',
|
||||
user_id=user_id,
|
||||
project_id=project_id)
|
||||
# NOTE(russellb) Havana compat
|
||||
version = self._get_compat_version('2.0', '1.0')
|
||||
cctxt = self.client.prepare(version=version)
|
||||
return cctxt.call(ctxt, 'generate_x509_cert',
|
||||
user_id=user_id,
|
||||
project_id=project_id)
|
||||
|
||||
def fetch_ca(self, ctxt, project_id):
|
||||
return self.client.call(ctxt, 'fetch_ca', project_id=project_id)
|
||||
# NOTE(russellb) Havana compat
|
||||
version = self._get_compat_version('2.0', '1.0')
|
||||
cctxt = self.client.prepare(version=version)
|
||||
return cctxt.call(ctxt, 'fetch_ca', project_id=project_id)
|
||||
|
||||
def fetch_crl(self, ctxt, project_id):
|
||||
return self.client.call(ctxt, 'fetch_crl', project_id=project_id)
|
||||
# NOTE(russellb) Havana compat
|
||||
version = self._get_compat_version('2.0', '1.0')
|
||||
cctxt = self.client.prepare(version=version)
|
||||
return cctxt.call(ctxt, 'fetch_crl', project_id=project_id)
|
||||
|
||||
def decrypt_text(self, ctxt, project_id, text):
|
||||
return self.client.call(ctxt, 'decrypt_text',
|
||||
project_id=project_id,
|
||||
text=text)
|
||||
# NOTE(russellb) Havana compat
|
||||
version = self._get_compat_version('2.0', '1.0')
|
||||
cctxt = self.client.prepare(version=version)
|
||||
return cctxt.call(ctxt, 'decrypt_text',
|
||||
project_id=project_id,
|
||||
text=text)
|
||||
|
|
|
@ -62,26 +62,64 @@ class CertRpcAPITestCase(test.NoDBTestCase):
|
|||
def test_revoke_certs_by_user(self):
|
||||
self._test_cert_api('revoke_certs_by_user', user_id='fake_user_id')
|
||||
|
||||
# NOTE(russellb) Havana compat
|
||||
self.flags(cert='havana', group='upgrade_levels')
|
||||
self._test_cert_api('revoke_certs_by_user', user_id='fake_user_id',
|
||||
version='1.0')
|
||||
|
||||
def test_revoke_certs_by_project(self):
|
||||
self._test_cert_api('revoke_certs_by_project',
|
||||
project_id='fake_project_id')
|
||||
|
||||
# NOTE(russellb) Havana compat
|
||||
self.flags(cert='havana', group='upgrade_levels')
|
||||
self._test_cert_api('revoke_certs_by_project',
|
||||
project_id='fake_project_id', version='1.0')
|
||||
|
||||
def test_revoke_certs_by_user_and_project(self):
|
||||
self._test_cert_api('revoke_certs_by_user_and_project',
|
||||
user_id='fake_user_id',
|
||||
project_id='fake_project_id')
|
||||
|
||||
# NOTE(russellb) Havana compat
|
||||
self.flags(cert='havana', group='upgrade_levels')
|
||||
self._test_cert_api('revoke_certs_by_user_and_project',
|
||||
user_id='fake_user_id',
|
||||
project_id='fake_project_id', version='1.0')
|
||||
|
||||
def test_generate_x509_cert(self):
|
||||
self._test_cert_api('generate_x509_cert',
|
||||
user_id='fake_user_id',
|
||||
project_id='fake_project_id')
|
||||
|
||||
# NOTE(russellb) Havana compat
|
||||
self.flags(cert='havana', group='upgrade_levels')
|
||||
self._test_cert_api('generate_x509_cert',
|
||||
user_id='fake_user_id',
|
||||
project_id='fake_project_id', version='1.0')
|
||||
|
||||
def test_fetch_ca(self):
|
||||
self._test_cert_api('fetch_ca', project_id='fake_project_id')
|
||||
|
||||
# NOTE(russellb) Havana compat
|
||||
self.flags(cert='havana', group='upgrade_levels')
|
||||
self._test_cert_api('fetch_ca', project_id='fake_project_id',
|
||||
version='1.0')
|
||||
|
||||
def test_fetch_crl(self):
|
||||
self._test_cert_api('fetch_crl', project_id='fake_project_id')
|
||||
|
||||
# NOTE(russellb) Havana compat
|
||||
self.flags(cert='havana', group='upgrade_levels')
|
||||
self._test_cert_api('fetch_crl', project_id='fake_project_id',
|
||||
version='1.0')
|
||||
|
||||
def test_decrypt_text(self):
|
||||
self._test_cert_api('decrypt_text',
|
||||
project_id='fake_project_id', text='blah')
|
||||
|
||||
# NOTE(russellb) Havana compat
|
||||
self.flags(cert='havana', group='upgrade_levels')
|
||||
self._test_cert_api('decrypt_text',
|
||||
project_id='fake_project_id', text='blah',
|
||||
version='1.0')
|
||||
|
|
Loading…
Reference in New Issue