Add EC2 CRUD credential support to v3 API1.6.0

The keystone V3 API ships with EC2 in the pipeline by default. The CRUD
manager is available for the V2 API and we should also make it available
for v3.

Change-Id: I635a12b1647d5187ded7d0aea9c0277dfbb15eff
Closes-Bug: #1236326

3 files changed, 170 insertions, 0 deletions

diff --git a/keystoneclient/tests/unit/v3/test_ec2.py b/keystoneclient/tests/unit/v3/test_ec2.py
new file mode 100644
index 0000000..ff463b0
--- /dev/null
+++ b/keystoneclient/tests/unit/v3/test_ec2.py
@@ -0,0 +1,107 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneclient.tests.unit.v3 import utils
+from keystoneclient.v3 import ec2
+
+
+class EC2Tests(utils.TestCase):
+
+    def test_create(self):
+        user_id = 'usr'
+        tenant_id = 'tnt'
+        req_body = {
+            "tenant_id": tenant_id,
+        }
+        resp_body = {
+            "credential": {
+                "access": "access",
+                "secret": "secret",
+                "tenant_id": tenant_id,
+                "created": "12/12/12",
+                "enabled": True,
+            }
+        }
+        self.stub_url('POST', ['users', user_id, 'credentials',
+                      'OS-EC2'], json=resp_body)
+
+        cred = self.client.ec2.create(user_id, tenant_id)
+        self.assertIsInstance(cred, ec2.EC2)
+        self.assertEqual(cred.tenant_id, tenant_id)
+        self.assertEqual(cred.enabled, True)
+        self.assertEqual(cred.access, 'access')
+        self.assertEqual(cred.secret, 'secret')
+        self.assertRequestBodyIs(json=req_body)
+
+    def test_get(self):
+        user_id = 'usr'
+        tenant_id = 'tnt'
+        resp_body = {
+            "credential": {
+                "access": "access",
+                "secret": "secret",
+                "tenant_id": tenant_id,
+                "created": "12/12/12",
+                "enabled": True,
+            }
+        }
+        self.stub_url('GET', ['users', user_id, 'credentials',
+                              'OS-EC2', 'access'], json=resp_body)
+
+        cred = self.client.ec2.get(user_id, 'access')
+        self.assertIsInstance(cred, ec2.EC2)
+        self.assertEqual(cred.tenant_id, tenant_id)
+        self.assertEqual(cred.enabled, True)
+        self.assertEqual(cred.access, 'access')
+        self.assertEqual(cred.secret, 'secret')
+
+    def test_list(self):
+        user_id = 'usr'
+        tenant_id = 'tnt'
+        resp_body = {
+            "credentials": {
+                "values": [
+                    {
+                        "access": "access",
+                        "secret": "secret",
+                        "tenant_id": tenant_id,
+                        "created": "12/12/12",
+                        "enabled": True,
+                    },
+                    {
+                        "access": "another",
+                        "secret": "key",
+                        "tenant_id": tenant_id,
+                        "created": "12/12/31",
+                        "enabled": True,
+                    }
+                ]
+            }
+        }
+        self.stub_url('GET', ['users', user_id, 'credentials',
+                              'OS-EC2'], json=resp_body)
+
+        creds = self.client.ec2.list(user_id)
+        self.assertEqual(len(creds), 2)
+        cred = creds[0]
+        self.assertIsInstance(cred, ec2.EC2)
+        self.assertEqual(cred.tenant_id, tenant_id)
+        self.assertEqual(cred.enabled, True)
+        self.assertEqual(cred.access, 'access')
+        self.assertEqual(cred.secret, 'secret')
+
+    def test_delete(self):
+        user_id = 'usr'
+        access = 'access'
+        self.stub_url('DELETE', ['users', user_id, 'credentials',
+                                 'OS-EC2', access], status_code=204)
+        self.client.ec2.delete(user_id, access)
diff --git a/keystoneclient/v3/client.py b/keystoneclient/v3/client.py
index f7becbb..34bdfad 100644
--- a/keystoneclient/v3/client.py
+++ b/keystoneclient/v3/client.py
@@ -29,6 +29,7 @@ from keystoneclient.v3.contrib import simple_cert
 from keystoneclient.v3.contrib import trusts
 from keystoneclient.v3 import credentials
 from keystoneclient.v3 import domains
+from keystoneclient.v3 import ec2
 from keystoneclient.v3 import endpoints
 from keystoneclient.v3 import groups
 from keystoneclient.v3 import policies
@@ -100,6 +101,10 @@ class Client(httpclient.HTTPClient):
 
         :py:class:`keystoneclient.v3.credentials.CredentialManager`
 
+    .. py:attribute:: ec2
+
+        :py:class:`keystoneclient.v3.ec2.EC2Manager`
+
     .. py:attribute:: endpoint_filter
 
         :py:class:`keystoneclient.v3.contrib.endpoint_filter.\
@@ -175,6 +180,7 @@ EndpointPolicyManager`
         super(Client, self).__init__(**kwargs)
 
         self.credentials = credentials.CredentialManager(self._adapter)
+        self.ec2 = ec2.EC2Manager(self._adapter)
         self.endpoint_filter = endpoint_filter.EndpointFilterManager(
             self._adapter)
         self.endpoint_policy = endpoint_policy.EndpointPolicyManager(
diff --git a/keystoneclient/v3/ec2.py b/keystoneclient/v3/ec2.py
new file mode 100644
index 0000000..dc378c9
--- /dev/null
+++ b/keystoneclient/v3/ec2.py
@@ -0,0 +1,57 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneclient import base
+
+
+class EC2(base.Resource):
+
+    def __repr__(self):
+        return "<EC2 %s>" % self._info
+
+
+class EC2Manager(base.ManagerWithFind):
+
+    resource_class = EC2
+
+    def create(self, user_id, project_id):
+        """Create a new access/secret pair for the user/project pair.
+
+        :rtype: object of type :class:`EC2`
+        """
+
+        # NOTE(jamielennox): Yes, this uses tenant_id as a key even though we
+        # are in the v3 API.
+        return self._create('/users/%s/credentials/OS-EC2' % user_id,
+                            body={'tenant_id': project_id},
+                            response_key="credential")
+
+    def list(self, user_id):
+        """Get a list of access/secret pairs for a user_id.
+
+        :rtype: list of :class:`EC2`
+        """
+        return self._list("/users/%s/credentials/OS-EC2" % user_id,
+                          response_key="credentials")
+
+    def get(self, user_id, access):
+        """Get the access/secret pair for a given access key.
+
+        :rtype: object of type :class:`EC2`
+        """
+        url = "/users/%s/credentials/OS-EC2/%s" % (user_id, base.getid(access))
+        return self._get(url, response_key="credential")
+
+    def delete(self, user_id, access):
+        """Delete an access/secret pair for a user."""
+        return self._delete("/users/%s/credentials/OS-EC2/%s" %
+                            (user_id, base.getid(access)))