3 files changed, 170 insertions, 0 deletions

diff --git a/keystoneclient/tests/unit/v3/test_ec2.py b/keystoneclient/tests/unit/v3/test_ec2.py
new file mode 100644
index 0000000..ff463b0
--- /dev/null
+++ b/keystoneclient/tests/unit/v3/test_ec2.py
@@ -0,0 +1,107 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneclient.tests.unit.v3 import utils
+from keystoneclient.v3 import ec2
+
+
+class EC2Tests(utils.TestCase):
+
+    def test_create(self):
+        user_id = 'usr'
+        tenant_id = 'tnt'
+        req_body = {
+            "tenant_id": tenant_id,
+        }
+        resp_body = {
+            "credential": {
+                "access": "access",
+                "secret": "secret",
+                "tenant_id": tenant_id,
+                "created": "12/12/12",
+                "enabled": True,
+            }
+        }
+        self.stub_url('POST', ['users', user_id, 'credentials',
+                      'OS-EC2'], json=resp_body)
+
+        cred = self.client.ec2.create(user_id, tenant_id)
+        self.assertIsInstance(cred, ec2.EC2)
+        self.assertEqual(cred.tenant_id, tenant_id)
+        self.assertEqual(cred.enabled, True)
+        self.assertEqual(cred.access, 'access')
+        self.assertEqual(cred.secret, 'secret')
+        self.assertRequestBodyIs(json=req_body)
+
+    def test_get(self):
+        user_id = 'usr'
+        tenant_id = 'tnt'
+        resp_body = {
+            "credential": {
+                "access": "access",
+                "secret": "secret",
+                "tenant_id": tenant_id,
+                "created": "12/12/12",
+                "enabled": True,
+            }
+        }
+        self.stub_url('GET', ['users', user_id, 'credentials',
+                              'OS-EC2', 'access'], json=resp_body)
+
+        cred = self.client.ec2.get(user_id, 'access')
+        self.assertIsInstance(cred, ec2.EC2)
+        self.assertEqual(cred.tenant_id, tenant_id)
+        self.assertEqual(cred.enabled, True)
+        self.assertEqual(cred.access, 'access')
+        self.assertEqual(cred.secret, 'secret')
+
+    def test_list(self):
+        user_id = 'usr'
+        tenant_id = 'tnt'
+        resp_body = {
+            "credentials": {
+                "values": [
+                    {
+                        "access": "access",
+                        "secret": "secret",
+                        "tenant_id": tenant_id,
+                        "created": "12/12/12",
+                        "enabled": True,
+                    },
+                    {
+                        "access": "another",
+                        "secret": "key",
+                        "tenant_id": tenant_id,
+                        "created": "12/12/31",
+                        "enabled": True,
+                    }
+                ]
+            }
+        }
+        self.stub_url('GET', ['users', user_id, 'credentials',
+                              'OS-EC2'], json=resp_body)
+
+        creds = self.client.ec2.list(user_id)
+        self.assertEqual(len(creds), 2)
+        cred = creds[0]
+        self.assertIsInstance(cred, ec2.EC2)
+        self.assertEqual(cred.tenant_id, tenant_id)
+        self.assertEqual(cred.enabled, True)
+        self.assertEqual(cred.access, 'access')
+        self.assertEqual(cred.secret, 'secret')
+
+    def test_delete(self):
+        user_id = 'usr'
+        access = 'access'
+        self.stub_url('DELETE', ['users', user_id, 'credentials',
+                                 'OS-EC2', access], status_code=204)
+        self.client.ec2.delete(user_id, access)
diff --git a/keystoneclient/v3/client.py b/keystoneclient/v3/client.py
index f7becbb..34bdfad 100644
--- a/keystoneclient/v3/client.py
+++ b/keystoneclient/v3/client.py
@@ -29,6 +29,7 @@ from keystoneclient.v3.contrib import simple_cert
 from keystoneclient.v3.contrib import trusts
 from keystoneclient.v3 import credentials
 from keystoneclient.v3 import domains
+from keystoneclient.v3 import ec2
 from keystoneclient.v3 import endpoints
 from keystoneclient.v3 import groups
 from keystoneclient.v3 import policies
@@ -100,6 +101,10 @@ class Client(httpclient.HTTPClient):
 
         :py:class:`keystoneclient.v3.credentials.CredentialManager`
 
+    .. py:attribute:: ec2
+
+        :py:class:`keystoneclient.v3.ec2.EC2Manager`
+
     .. py:attribute:: endpoint_filter
 
         :py:class:`keystoneclient.v3.contrib.endpoint_filter.\
@@ -175,6 +180,7 @@ EndpointPolicyManager`
         super(Client, self).__init__(**kwargs)
 
         self.credentials = credentials.CredentialManager(self._adapter)
+        self.ec2 = ec2.EC2Manager(self._adapter)
         self.endpoint_filter = endpoint_filter.EndpointFilterManager(
             self._adapter)
         self.endpoint_policy = endpoint_policy.EndpointPolicyManager(
diff --git a/keystoneclient/v3/ec2.py b/keystoneclient/v3/ec2.py
new file mode 100644
index 0000000..dc378c9
--- /dev/null
+++ b/keystoneclient/v3/ec2.py
@@ -0,0 +1,57 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneclient import base
+
+
+class EC2(base.Resource):
+
+    def __repr__(self):
+        return "<EC2 %s>" % self._info
+
+
+class EC2Manager(base.ManagerWithFind):
+
+    resource_class = EC2
+
+    def create(self, user_id, project_id):
+        """Create a new access/secret pair for the user/project pair.
+
+        :rtype: object of type :class:`EC2`
+        """
+
+        # NOTE(jamielennox): Yes, this uses tenant_id as a key even though we
+        # are in the v3 API.
+        return self._create('/users/%s/credentials/OS-EC2' % user_id,
+                            body={'tenant_id': project_id},
+                            response_key="credential")
+
+    def list(self, user_id):
+        """Get a list of access/secret pairs for a user_id.
+
+        :rtype: list of :class:`EC2`
+        """
+        return self._list("/users/%s/credentials/OS-EC2" % user_id,
+                          response_key="credentials")
+
+    def get(self, user_id, access):
+        """Get the access/secret pair for a given access key.
+
+        :rtype: object of type :class:`EC2`
+        """
+        url = "/users/%s/credentials/OS-EC2/%s" % (user_id, base.getid(access))
+        return self._get(url, response_key="credential")
+
+    def delete(self, user_id, access):
+        """Delete an access/secret pair for a user."""
+        return self._delete("/users/%s/credentials/OS-EC2/%s" %
+                            (user_id, base.getid(access)))