Add trusted_certs to instance_extra

This change adds a trusted_certs deferred-load column to instance_extras, which stores a list of trusted x509 certificate UUIDs for a given instance in the form of a JSON blob. Change-Id: I3fd4e395b31ff1b69f35242d559f8caa17c05a6a Implements: blueprint nova-validate-certificates
2017-04-12 14:03:26 -04:00 · 2017-04-12 14:03:26 -04:00 · e35e8d7f3f
parent 942ed9b265
commit e35e8d7f3f
5 changed files with 48 additions and 3 deletions
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@ -1746,6 +1746,7 @@ def instance_create(context, values):
        {'numa_topology': None,
         'pci_requests': None,
         'vcpu_model': None,
+         'trusted_certs': None,
         })
    instance_ref['extra'].update(values.pop('extra', {}))
    instance_ref.update(values)
@ -2983,7 +2984,7 @@ def instance_extra_get_by_instance_uuid(context, instance_uuid,
        filter_by(instance_uuid=instance_uuid)
    if columns is None:
        columns = ['numa_topology', 'pci_requests', 'flavor', 'vcpu_model',
-                   'migration_context']
+                   'trusted_certs', 'migration_context']
    for column in columns:
        query = query.options(undefer(column))
    instance_extra = query.first()
--- a/nova/db/sqlalchemy/migrate_repo/versions/390_add_trusted_certs.py
+++ b/nova/db/sqlalchemy/migrate_repo/versions/390_add_trusted_certs.py
@ -0,0 +1,32 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+
+from sqlalchemy import Column
+from sqlalchemy import MetaData
+from sqlalchemy import Table
+from sqlalchemy import Text
+
+
+BASE_TABLE_NAME = 'instance_extra'
+NEW_COLUMN_NAME = 'trusted_certs'
+
+
+def upgrade(migrate_engine):
+    meta = MetaData()
+    meta.bind = migrate_engine
+
+    for prefix in ('', 'shadow_'):
+        table = Table(prefix + BASE_TABLE_NAME, meta, autoload=True)
+        new_column = Column(NEW_COLUMN_NAME, Text, nullable=True)
+        if not hasattr(table.c, NEW_COLUMN_NAME):
+            table.create_column(new_column)
--- a/nova/db/sqlalchemy/models.py
+++ b/nova/db/sqlalchemy/models.py
@ -387,6 +387,7 @@ class InstanceExtra(BASE, NovaBase, models.SoftDeleteMixin):
    vcpu_model = orm.deferred(Column(Text))
    migration_context = orm.deferred(Column(Text))
    keypairs = orm.deferred(Column(Text))
+    trusted_certs = orm.deferred(Column(Text))
    instance = orm.relationship(Instance,
                            backref=orm.backref('extra',
                                                uselist=False),
--- a/nova/tests/unit/db/test_db_api.py
+++ b/nova/tests/unit/db/test_db_api.py
@ -2987,10 +2987,15 @@ class InstanceExtraTestCase(test.TestCase):

    def test_instance_extra_update_by_uuid(self):
        db.instance_extra_update_by_uuid(self.ctxt, self.instance['uuid'],
-                                         {'numa_topology': 'changed'})
+                                         {'numa_topology': 'changed',
+                                          'trusted_certs': "['123', 'foo']",
+                                          })
        inst_extra = db.instance_extra_get_by_instance_uuid(
            self.ctxt, self.instance['uuid'])
        self.assertEqual('changed', inst_extra.numa_topology)
+        # NOTE(jackie-truong): trusted_certs is stored as a Text type in
+        # instance_extra and read as a list of strings
+        self.assertEqual("['123', 'foo']", inst_extra.trusted_certs)

    def test_instance_extra_update_by_uuid_and_create(self):
        @sqlalchemy_api.pick_context_manager_writer
@ -3015,11 +3020,12 @@ class InstanceExtraTestCase(test.TestCase):
    def test_instance_extra_get_with_columns(self):
        extra = db.instance_extra_get_by_instance_uuid(
            self.ctxt, self.instance['uuid'],
-            columns=['numa_topology', 'vcpu_model'])
+            columns=['numa_topology', 'vcpu_model', 'trusted_certs'])
        self.assertRaises(SQLAlchemyError,
                          extra.__getitem__, 'pci_requests')
        self.assertIn('numa_topology', extra)
        self.assertIn('vcpu_model', extra)
+        self.assertIn('trusted_certs', extra)


 class ServiceTestCase(test.TestCase, ModelsObjectComparatorMixin):
--- a/nova/tests/unit/db/test_migrations.py
+++ b/nova/tests/unit/db/test_migrations.py
@ -1004,6 +1004,11 @@ class NovaMigrationsCheckers(test_migrations.ModelsMigrationsSync,
                                'aggregate_metadata_value_idx',
                                ['value'])

+    def _check_390(self, engine, data):
+        self.assertColumnExists(engine, 'instance_extra', 'trusted_certs')
+        self.assertColumnExists(engine, 'shadow_instance_extra',
+                                'trusted_certs')
+

 class TestNovaMigrationsSQLite(NovaMigrationsCheckers,
                               test_base.DbTestCase,