diff --git a/tatuclient/__init__.py b/tatuclient/__init__.py
index cf8eefe..9255e1f 100644
--- a/tatuclient/__init__.py
+++ b/tatuclient/__init__.py
@@ -1,4 +1,4 @@
-# Copyright 2017 Huawei, Inc. All rights reserved.
+# Copyright 2018 Huawei, Inc. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
diff --git a/tatuclient/v1/ca.py b/tatuclient/v1/ca.py
index 11e72ea..f379853 100644
--- a/tatuclient/v1/ca.py
+++ b/tatuclient/v1/ca.py
@@ -1,106 +1,28 @@
-# Copyright 2015 Hewlett-Packard Development Company, L.P.
+# Copyright 2018 Huawei, Inc. All rights reserved.
 #
-# Author: Endre Karlson
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
 #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
 #
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-from oslo_utils import uuidutils
-import six
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
 from tatuclient.v1.base import V1Controller
 from tatuclient.v1 import utils as v1_utils
-class RecordSetController(V1Controller):
- def _canonicalize_record_name(self, zone, name):
- zone_info = None
+class CAController(V1Controller):
- # If we get a zone name we'll need to get the ID of it before POST.
- if isinstance(zone, six.string_types) and not \
- uuidutils.is_uuid_like(zone):
- zone_info = self.client.zones.get(zone)
- elif isinstance(zone, dict):
- zone_info = zone
+ def create(self, auth_id):
+ return self._post('/noauth/authorities', data={ 'auth_id': auth_id })
- # We where given a name like "www" vs www.i.io., attempt to fix it on
- # the behalf of the actor.
- if not name.endswith("."):
- if not isinstance(zone_info, dict):
- zone_info = self.client.zones.get(zone)
+ def list(self):
+ return self._get('/noauth/authorities')
- name = "%s.%s" % (name, zone_info["name"])
-
- return name, zone_info
-
- def create(self, zone, name, type_, records, description=None,
- ttl=None):
- name, zone_info = self._canonicalize_record_name(zone, name)
-
- data = {
- 'name': name,
- 'type': type_,
- 'records': records
- }
-
- if ttl is not None:
- data['ttl'] = ttl
-
- if description is not None:
- data['description'] = description
-
- if zone_info is not None:
- zone_id = zone_info["id"]
- else:
- zone_id = zone
-
- url = '/zones/%s/recordsets' % zone_id
- return self._post(url, data=data)
-
- def list(self, zone, criterion=None, marker=None, limit=None):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-
- url = self.build_url(
- '/zones/%s/recordsets' % zone,
- criterion, marker, limit)
-
- return self._get(url, response_key='recordsets')
-
- def list_all_zones(self, criterion=None, marker=None, limit=None):
-
- url = self.build_url('/recordsets', criterion, marker, limit)
-
- return self._get(url, response_key='recordsets')
-
- def get(self, zone, recordset):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
- recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
- url = self.build_url('/zones/%s/recordsets/%s' % (
- zone, recordset))
-
- return self._get(url)
-
- def update(self, zone, recordset, values):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
- recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
- url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
- return self._put(url, data=values)
-
- def delete(self, zone, recordset):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
- recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
- url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
- return self._delete(url)
+ def get(self, auth_id):
+ return self._get('/noauth/authorities/%s' % auth_id)
diff --git a/tatuclient/v1/cli/ca.py b/tatuclient/v1/cli/ca.py
index bb518fe..c22f507 100644
--- a/tatuclient/v1/cli/ca.py
+++ b/tatuclient/v1/cli/ca.py
@@ -1,4 +1,4 @@
-# Copyright 2017 Huawei, Inc. All rights reserved.
+# Copyright 2018 Huawei, Inc. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
diff --git a/tatuclient/v1/cli/hostcert.py b/tatuclient/v1/cli/hostcert.py
index 7428a80..9cfff76 100644
--- a/tatuclient/v1/cli/hostcert.py
+++ b/tatuclient/v1/cli/hostcert.py
@@ -1,4 +1,4 @@
-# Copyright 2017 Huawei, Inc. All rights reserved.
+# Copyright 2018 Huawei, Inc. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
@@ -23,22 +23,6 @@ from tatuclient.v1.utils import get_all
 LOG = logging.getLogger(__name__)
-'host_id': host.host_id,
-'fingerprint': host.fingerprint,
-'auth_id': host.auth_id,
-'cert': host.cert,
-item = {
- 'host_id': host.host_id,
- 'fingerprint': host.fingerprint,
- 'auth_id': host.auth_id,
- 'cert': host.cert,
- 'hostname': host.hostname,
-}
-if CONF.tatu.use_pat_bastions:
- item['pat_bastions'] = ','.join(
- '{}:{}'.format(t[1], t[0]) for t in
- get_port_ip_tuples(host.host_id, 22))
- item['srv_url'] = get_srv_url(host.hostname, host.auth_id)
 _columns = ['host_id', 'srv_url', 'pat_bastions', 'fingerprint', 'cert']
 _names = ['Instance ID', 'SRV URL', 'PAT Bastions', 'Fingerprint', 'SSH Certificate']
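Review bot: Every route in the new `CAController` (tatuclient/v1/ca.py) is hard-coded under `/noauth/`, including `create`, which posts to `/noauth/authorities`; `HostCertController` and `UserCertController` later in this commit use the same prefix. The diff does not show what the server enforces on that prefix, so if it is the API's unauthenticated route, CA creation and user-key revocation should not stay reachable through it outside development. I would keep the prefix in one module-level constant (or read it from client configuration) and document which deployment it is meant for, e.g. `# '/noauth' is assumed to be the unauthenticated dev route - TODO confirm before release`. Separately, `get` builds its path with `'/noauth/authorities/%s' % auth_id` without quoting the value, and `v1_utils` is still imported although nothing in the new class uses it.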
@@ -64,12 +48,13 @@ class ShowHostCertCommand(command.ShowOne):
 def get_parser(self, prog_name):
 parser = super(ShowHostCertCommand, self).get_parser(prog_name)
- parser.add_argument('serial', help="Serial Number")
+ parser.add_argument('host_id', help="Instance ID")
+ parser.add_argument('fingerprint', help="Public Key Fingerprint")
 common.add_all_common_options(parser)
 return parser
 def take_action(self, parsed_args):
 client = self.app.client_manager.ssh
 common.set_all_common_headers(client, parsed_args)
- data = client.hostcert.get(parsed_args.serial)
+ data = client.hostcert.get(parsed_args.host_id, parsed_args.fingerprint)
 return _names, utils.get_item_properties(data, _columns)
diff --git a/tatuclient/v1/cli/usercert.py b/tatuclient/v1/cli/usercert.py
index 161e53e..892065a 100644
--- a/tatuclient/v1/cli/usercert.py
+++ b/tatuclient/v1/cli/usercert.py
@@ -1,4 +1,4 @@
-# Copyright 2017 Huawei, Inc. All rights reserved.
+# Copyright 2018 Huawei, Inc. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
@@ -83,11 +83,12 @@ class RevokeUserCertCommand(command.ShowOne):
 def get_parser(self, prog_name):
 parser = super(RevokeUserCertCommand, self).get_parser(prog_name)
 parser.add_argument('serial', help="Serial Number")
+ parser.add_argument('auth_id', help="Project/CA ID")
 common.add_all_common_options(parser)
 return parser
 def take_action(self, parsed_args):
 client = self.app.client_manager.ssh
 common.set_all_common_headers(client, parsed_args)
- data = client.usercert.create(parsed_args.serial)
+ data = client.usercert.create(parsed_args.auth_id, parsed_args.serial)
 return _names, utils.get_item_properties(data, _columns)
diff --git a/tatuclient/v1/hostcert.py b/tatuclient/v1/hostcert.py
index 11e72ea..d05f1cd 100644
--- a/tatuclient/v1/hostcert.py
+++ b/tatuclient/v1/hostcert.py
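Review bot: `RevokeUserCertCommand.take_action` in tatuclient/v1/cli/usercert.py still calls `client.usercert.create(...)`, now with two positional arguments, but the `UserCertController.create` added in this commit is declared as `create(self, **kwargs)` and takes no positionals, so the call would raise `TypeError` and nothing gets revoked. The controller gains a matching `revoke(self, auth_id, serial)`, so the line should read `data = client.usercert.revoke(parsed_args.auth_id, parsed_args.serial)`. The parser also registers `serial` before `auth_id`, the reverse of the call order; that works, but a docstring or usage line stating the command-line order would help an operator avoid revoking against the wrong CA. The class body begins outside the hunk.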
@@ -1,106 +1,25 @@
-# Copyright 2015 Hewlett-Packard Development Company, L.P.
+# Copyright 2018 Huawei, Inc. All rights reserved.
 #
-# Author: Endre Karlson
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
 #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
 #
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-from oslo_utils import uuidutils
-import six
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
 from tatuclient.v1.base import V1Controller
 from tatuclient.v1 import utils as v1_utils
-class RecordSetController(V1Controller):
- def _canonicalize_record_name(self, zone, name):
- zone_info = None
+class HostCertController(V1Controller):
- # If we get a zone name we'll need to get the ID of it before POST.
- if isinstance(zone, six.string_types) and not \
- uuidutils.is_uuid_like(zone):
- zone_info = self.client.zones.get(zone)
- elif isinstance(zone, dict):
- zone_info = zone
+ def list(self):
+ return self._get('/noauth/hostcerts')
- # We where given a name like "www" vs www.i.io., attempt to fix it on
- # the behalf of the actor.
- if not name.endswith("."):
- if not isinstance(zone_info, dict):
- zone_info = self.client.zones.get(zone)
-
- name = "%s.%s" % (name, zone_info["name"])
-
- return name, zone_info
-
- def create(self, zone, name, type_, records, description=None,
- ttl=None):
- name, zone_info = self._canonicalize_record_name(zone, name)
-
- data = {
- 'name': name,
- 'type': type_,
- 'records': records
- }
-
- if ttl is not None:
- data['ttl'] = ttl
-
- if description is not None:
- data['description'] = description
-
- if zone_info is not None:
- zone_id = zone_info["id"]
- else:
- zone_id = zone
-
- url = '/zones/%s/recordsets' % zone_id
- return self._post(url, data=data)
-
- def list(self, zone, criterion=None, marker=None, limit=None):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-
- url = self.build_url(
- '/zones/%s/recordsets' % zone,
- criterion, marker, limit)
-
- return self._get(url, response_key='recordsets')
-
- def list_all_zones(self, criterion=None, marker=None, limit=None):
-
- url = self.build_url('/recordsets', criterion, marker, limit)
-
- return self._get(url, response_key='recordsets')
-
- def get(self, zone, recordset):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
- recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
- url = self.build_url('/zones/%s/recordsets/%s' % (
- zone, recordset))
-
- return self._get(url)
-
- def update(self, zone, recordset, values):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
- recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
- url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
- return self._put(url, data=values)
-
- def delete(self, zone, recordset):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
- recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
- url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
- return self._delete(url)
+ def get(self, host_id, fingerprint):
+ return self._get('/noauth/hostcerts/%s/%s' % (host_id, fingerprint))
diff --git a/tatuclient/v1/usercert.py b/tatuclient/v1/usercert.py
index 11e72ea..1f71956 100644
--- a/tatuclient/v1/usercert.py
+++ b/tatuclient/v1/usercert.py
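Review bot: `HostCertController.get` formats `host_id` and `fingerprint` straight into the path, `'/noauth/hostcerts/%s/%s' % (host_id, fingerprint)`, and the value arrives unvalidated from the new `fingerprint` argument of `ShowHostCertCommand`. If fingerprints are ever supplied in the base64 SHA256 form they can contain `/` and `+`, which would change the path the server sees; percent-encoding each segment avoids that, e.g. `quote(fingerprint, safe='')` with `from six.moves.urllib.parse import quote`. The diff does not show which fingerprint format the API expects, so a one-line docstring on `get` naming the format would help as well. `v1_utils` is imported but unused in the new file.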
@@ -1,106 +1,33 @@
-# Copyright 2015 Hewlett-Packard Development Company, L.P.
+# Copyright 2018 Huawei, Inc. All rights reserved.
 #
-# Author: Endre Karlson
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
 #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
 #
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-from oslo_utils import uuidutils
-import six
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
 from tatuclient.v1.base import V1Controller
 from tatuclient.v1 import utils as v1_utils
-class RecordSetController(V1Controller):
- def _canonicalize_record_name(self, zone, name):
- zone_info = None
+class UserCertController(V1Controller):
- # If we get a zone name we'll need to get the ID of it before POST.
- if isinstance(zone, six.string_types) and not \
- uuidutils.is_uuid_like(zone):
- zone_info = self.client.zones.get(zone)
- elif isinstance(zone, dict):
- zone_info = zone
+ def create(self, **kwargs):
+ return self._post('/noauth/usercerts', data=kwargs)
- # We where given a name like "www" vs www.i.io., attempt to fix it on
- # the behalf of the actor.
- if not name.endswith("."):
- if not isinstance(zone_info, dict):
- zone_info = self.client.zones.get(zone)
+ def list(self):
+ return self._get('/noauth/usercerts')
- name = "%s.%s" % (name, zone_info["name"])
+ def get(self, serial):
+ return self._get('/noauth/usercerts/%s' % serial)
- return name, zone_info
-
- def create(self, zone, name, type_, records, description=None,
- ttl=None):
- name, zone_info = self._canonicalize_record_name(zone, name)
-
- data = {
- 'name': name,
- 'type': type_,
- 'records': records
- }
-
- if ttl is not None:
- data['ttl'] = ttl
-
- if description is not None:
- data['description'] = description
-
- if zone_info is not None:
- zone_id = zone_info["id"]
- else:
- zone_id = zone
-
- url = '/zones/%s/recordsets' % zone_id
+ def revoke(self, auth_id, serial):
+ url = '/noauth/revokeduserkeys/%s' % auth_id
+ data = { 'serial': serial }
 return self._post(url, data=data)
-
- def list(self, zone, criterion=None, marker=None, limit=None):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-
- url = self.build_url(
- '/zones/%s/recordsets' % zone,
- criterion, marker, limit)
-
- return self._get(url, response_key='recordsets')
-
- def list_all_zones(self, criterion=None, marker=None, limit=None):
-
- url = self.build_url('/recordsets', criterion, marker, limit)
-
- return self._get(url, response_key='recordsets')
-
- def get(self, zone, recordset):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
- recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
- url = self.build_url('/zones/%s/recordsets/%s' % (
- zone, recordset))
-
- return self._get(url)
-
- def update(self, zone, recordset, values):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
- recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
- url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
- return self._put(url, data=values)
-
- def delete(self, zone, recordset):
- zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
- recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
- url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
- return self._delete(url)
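Review bot: `UserCertController.create(self, **kwargs)` posts whatever keywords the caller supplies straight to `/noauth/usercerts`, so a misspelled or missing field is caught only by the server, if at all. For a call that requests a certificate, naming the required fields as explicit parameters, as `CAController.create(self, auth_id)` does in this commit, makes the contract visible and fails early on the client. `revoke` would also benefit from a one-line docstring saying which ID goes in the path and which in the body, e.g. `"""Revoke the user certificate with this serial under the CA identified by auth_id."""`. As in the other controllers, `v1_utils` is imported but not used by the new class.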