diff --git a/nova/cert/manager.py b/nova/cert/manager.py index 303cb547e63b..a8ae55ee72a8 100644 --- a/nova/cert/manager.py +++ b/nova/cert/manager.py @@ -37,6 +37,12 @@ class CertManager(manager.Manager): super(CertManager, self).__init__(service_name='cert', *args, **kwargs) + def create_rpc_dispatcher(self, backdoor_port=None, additional_apis=None): + additional_apis = additional_apis or [] + additional_apis.append(_CertV2Proxy(self)) + return super(CertManager, self).create_rpc_dispatcher( + backdoor_port, additional_apis) + def init_host(self): crypto.ensure_ca_filesystem() @@ -72,3 +78,33 @@ class CertManager(manager.Manager): # deprecated in favor of the method in the base API. def get_backdoor_port(self, context): return self.backdoor_port + + +class _CertV2Proxy(object): + + RPC_API_VERSION = '2.0' + + def __init__(self, manager): + self.manager = manager + + def revoke_certs_by_user(self, context, user_id): + return self.manager.revoke_certs_by_user(context, user_id) + + def revoke_certs_by_project(self, context, project_id): + return self.manager.revoke_certs_by_project(context, project_id) + + def revoke_certs_by_user_and_project(self, context, user_id, project_id): + return self.manager.revoke_certs_by_user_and_project(context, user_id, + project_id) + + def generate_x509_cert(self, context, user_id, project_id): + return self.manager.generate_x509_cert(context, user_id, project_id) + + def fetch_ca(self, context, project_id): + return self.manager.fetch_ca(context, project_id) + + def fetch_crl(self, context, project_id): + return self.manager.fetch_crl(context, project_id) + + def decrypt_text(self, context, project_id, text): + return self.manager.decrypt_text(context, project_id, text) diff --git a/nova/cert/rpcapi.py b/nova/cert/rpcapi.py index c8e6b92accb3..96a61caeffbf 100644 --- a/nova/cert/rpcapi.py +++ b/nova/cert/rpcapi.py @@ -47,6 +47,8 @@ class CertAPI(rpcclient.RpcProxy): ... Grizzly and Havana support message version 1.1. So, any changes to existing methods in 1.x after that point should be done such that they can handle the version_cap being set to 1.1. + + 2.0 - Major API rev for Icehouse ''' # @@ -57,7 +59,7 @@ class CertAPI(rpcclient.RpcProxy): # about rpc API versioning, see the docs in # openstack/common/rpc/dispatcher.py. # - BASE_RPC_API_VERSION = '1.0' + BASE_RPC_API_VERSION = '2.0' VERSION_ALIASES = { 'grizzly': '1.1', @@ -73,29 +75,55 @@ class CertAPI(rpcclient.RpcProxy): version_cap=version_cap) self.client = self.get_client() + def _get_compat_version(self, current, havana_compat): + if not self.can_send_version(current): + return havana_compat + return current + def revoke_certs_by_user(self, ctxt, user_id): - return self.client.call(ctxt, 'revoke_certs_by_user', user_id=user_id) + # NOTE(russellb) Havana compat + version = self._get_compat_version('2.0', '1.0') + cctxt = self.client.prepare(version=version) + return cctxt.call(ctxt, 'revoke_certs_by_user', user_id=user_id) def revoke_certs_by_project(self, ctxt, project_id): - return self.client.call(ctxt, 'revoke_certs_by_project', - project_id=project_id) + # NOTE(russellb) Havana compat + version = self._get_compat_version('2.0', '1.0') + cctxt = self.client.prepare(version=version) + return cctxt.call(ctxt, 'revoke_certs_by_project', + project_id=project_id) def revoke_certs_by_user_and_project(self, ctxt, user_id, project_id): - return self.client.call(ctxt, 'revoke_certs_by_user_and_project', - user_id=user_id, project_id=project_id) + # NOTE(russellb) Havana compat + version = self._get_compat_version('2.0', '1.0') + cctxt = self.client.prepare(version=version) + return cctxt.call(ctxt, 'revoke_certs_by_user_and_project', + user_id=user_id, project_id=project_id) def generate_x509_cert(self, ctxt, user_id, project_id): - return self.client.call(ctxt, 'generate_x509_cert', - user_id=user_id, - project_id=project_id) + # NOTE(russellb) Havana compat + version = self._get_compat_version('2.0', '1.0') + cctxt = self.client.prepare(version=version) + return cctxt.call(ctxt, 'generate_x509_cert', + user_id=user_id, + project_id=project_id) def fetch_ca(self, ctxt, project_id): - return self.client.call(ctxt, 'fetch_ca', project_id=project_id) + # NOTE(russellb) Havana compat + version = self._get_compat_version('2.0', '1.0') + cctxt = self.client.prepare(version=version) + return cctxt.call(ctxt, 'fetch_ca', project_id=project_id) def fetch_crl(self, ctxt, project_id): - return self.client.call(ctxt, 'fetch_crl', project_id=project_id) + # NOTE(russellb) Havana compat + version = self._get_compat_version('2.0', '1.0') + cctxt = self.client.prepare(version=version) + return cctxt.call(ctxt, 'fetch_crl', project_id=project_id) def decrypt_text(self, ctxt, project_id, text): - return self.client.call(ctxt, 'decrypt_text', - project_id=project_id, - text=text) + # NOTE(russellb) Havana compat + version = self._get_compat_version('2.0', '1.0') + cctxt = self.client.prepare(version=version) + return cctxt.call(ctxt, 'decrypt_text', + project_id=project_id, + text=text) diff --git a/nova/tests/cert/test_rpcapi.py b/nova/tests/cert/test_rpcapi.py index 56e8eddbe3e3..1a56038c8136 100644 --- a/nova/tests/cert/test_rpcapi.py +++ b/nova/tests/cert/test_rpcapi.py @@ -62,26 +62,64 @@ class CertRpcAPITestCase(test.NoDBTestCase): def test_revoke_certs_by_user(self): self._test_cert_api('revoke_certs_by_user', user_id='fake_user_id') + # NOTE(russellb) Havana compat + self.flags(cert='havana', group='upgrade_levels') + self._test_cert_api('revoke_certs_by_user', user_id='fake_user_id', + version='1.0') + def test_revoke_certs_by_project(self): self._test_cert_api('revoke_certs_by_project', project_id='fake_project_id') + # NOTE(russellb) Havana compat + self.flags(cert='havana', group='upgrade_levels') + self._test_cert_api('revoke_certs_by_project', + project_id='fake_project_id', version='1.0') + def test_revoke_certs_by_user_and_project(self): self._test_cert_api('revoke_certs_by_user_and_project', user_id='fake_user_id', project_id='fake_project_id') + # NOTE(russellb) Havana compat + self.flags(cert='havana', group='upgrade_levels') + self._test_cert_api('revoke_certs_by_user_and_project', + user_id='fake_user_id', + project_id='fake_project_id', version='1.0') + def test_generate_x509_cert(self): self._test_cert_api('generate_x509_cert', user_id='fake_user_id', project_id='fake_project_id') + # NOTE(russellb) Havana compat + self.flags(cert='havana', group='upgrade_levels') + self._test_cert_api('generate_x509_cert', + user_id='fake_user_id', + project_id='fake_project_id', version='1.0') + def test_fetch_ca(self): self._test_cert_api('fetch_ca', project_id='fake_project_id') + # NOTE(russellb) Havana compat + self.flags(cert='havana', group='upgrade_levels') + self._test_cert_api('fetch_ca', project_id='fake_project_id', + version='1.0') + def test_fetch_crl(self): self._test_cert_api('fetch_crl', project_id='fake_project_id') + # NOTE(russellb) Havana compat + self.flags(cert='havana', group='upgrade_levels') + self._test_cert_api('fetch_crl', project_id='fake_project_id', + version='1.0') + def test_decrypt_text(self): self._test_cert_api('decrypt_text', project_id='fake_project_id', text='blah') + + # NOTE(russellb) Havana compat + self.flags(cert='havana', group='upgrade_levels') + self._test_cert_api('decrypt_text', + project_id='fake_project_id', text='blah', + version='1.0')