Go Windows Azure Client Library

Merge lp:~mark-sheahan-ms/gwacl/cert-args into lp:gwacl

cert-args
Merge into trunk

Proposed by Mark Sheahan on 2014-09-25

Status:	Merged
Merged at revision:	238
Proposed branch:	lp:~mark-sheahan-ms/gwacl/cert-args
Merge into:	lp:gwacl
Diff against target:	221 lines (+94/-10) 3 files modified management_base.go (+44/-1) management_base_test.go (+30/-6) x509session.go (+20/-3)
To merge this branch:	bzr merge lp:~mark-sheahan-ms/gwacl/cert-args
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Andrew Wilkins (community)		2014-09-25	Approve on 2014-09-25
Review via email: mp+235889@code.launchpad.net

Commit message

Add functions to instantiate a new management API, with the certificate+key provided as input byte arrays rather than a file path.

Description of the change

Add functions to instantiate a new management API, with the certificate+key provided as input byte arrays rather than a file path.

func NewManagementAPICertDataWithRetryPolicy(subscriptionId string, cert, key []byte, location string, policy RetryPolicy) (*ManagementAPI, error)

func NewManagementAPICertData(subscriptionId string, cert, key []byte, location string) (*ManagementAPI, error)

Revision history for this message

Andrew Wilkins (axwalk) wrote on 2014-09-25:

Thank you. I've been meaning to do this for a while, but never got around to it. This looks good to land as is. Can you please take a moment to sign the CLA? http://www.ubuntu.com/legal/contributors

Revision history for this message

Andrew Wilkins (axwalk) on 2014-09-25:

review: Approve

Revision history for this message

Mark Sheahan (mark-sheahan-ms) wrote on 2014-09-25:

Thanks Andrew. I have signed the agreement as a contributor from ScriptRock
Inc.

What are the next steps for submission back into trunk? I haven't used
Bazaar or launchpad until yesterday.

Regards,
Mark

On Thu, Sep 25, 2014 at 12:05 AM, Andrew Wilkins <
<email address hidden>> wrote:

> Review: Approve
>
>
> --
> https://code.launchpad.net/~mark-sheahan-ms/gwacl/cert-args/+merge/235889
> You are the owner of lp:~mark-sheahan-ms/gwacl/cert-args.
>

Revision history for this message

Andrew Wilkins (axwalk) wrote on 2014-09-26:

Landing requires someone from the "GWACL Hackers" group (e.g. me) to push it through. I'll handle it from here. Thanks again.

Revision history for this message

Go Bot (go-bot) wrote on 2014-09-26:

The attempt to merge lp:~mark-sheahan-ms/gwacl/cert-args into lp:gwacl failed. Below is the output from the failed tests.

/bin/sh: 1: Syntax error: "&&" unexpected

Revision history for this message

Andrew Wilkins (axwalk) wrote on 2014-09-26:

I'll need to get in touch with the maintainer of the landing bot to see what's going on there.

Revision history for this message

Andrew Wilkins (axwalk) wrote on 2014-10-01:

I went ahead and merged manually. Thanks again.

Revision history for this message

Mark Sheahan (mark-sheahan-ms) wrote on 2014-10-02:

Thanks Andrew; hopefully we can contribute more as we use it more
extensively.

On Tue, Sep 30, 2014 at 6:09 PM, Andrew Wilkins <
<email address hidden>> wrote:

> I went ahead and merged manually. Thanks again.
> --
> https://code.launchpad.net/~mark-sheahan-ms/gwacl/cert-args/+merge/235889
> You are the owner of lp:~mark-sheahan-ms/gwacl/cert-args.
>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

GWACL Hackers

Mark Sheahan

 === modified file 'management_base.go'
 --- management_base.go	2014-06-24 09:32:41 +0000
 +++ management_base.go	2014-09-25 02:19:41 +0000
@@ -9,6 +9,7 @@
      "net/http"
      "strings"
      "time"
++    "launchpad.net/gwacl/fork/tls"
+ )
  // Note: each API call is required to include a version string in the request header.
@@ -37,7 +38,8 @@
  const DefaultPollerTimeout = 20 * time.Minute
  // NewManagementAPIWithRetryPolicy creates an object used to interact with
--// Windows Azure's API.
++// Windows Azure's API. Certificate data is provided through a file path;
++// the file must contain the private key, then the certificate, both in PEM format.
  // http://msdn.microsoft.com/en-us/library/windowsazure/ff800682.aspx
  func NewManagementAPIWithRetryPolicy(subscriptionId, certFile, location string, policy RetryPolicy) (*ManagementAPI, error) {
      session, err := newX509Session(subscriptionId, certFile, location, policy)
@@ -49,11 +51,52 @@
+ }
  // NewManagementAPI creates an object used to interact with Windows Azure's API.
++// Certificate data is provided through a file path; the file must contain the
++// private key, then the certificate, both in PEM format.
  // http://msdn.microsoft.com/en-us/library/windowsazure/ff800682.aspx
  func NewManagementAPI(subscriptionId, certFile, location string) (*ManagementAPI, error) {
      return NewManagementAPIWithRetryPolicy(subscriptionId, certFile, location, NoRetryPolicy)
+ }
++// NewManagementAPICertDataWithRetryPolicy creates an object used to interact with
++// Windows Azure's API. Certificate and private key data are provided through input
++// byte arrays, each containing data in PEM format.
++// http://msdn.microsoft.com/en-us/library/windowsazure/ff800682.aspx
++func NewManagementAPICertDataWithRetryPolicy(subscriptionId string, cert, key []byte, location string, policy RetryPolicy) (*ManagementAPI, error) {
++    session, err := newX509SessionCertData(subscriptionId, cert, key, location, policy)
++    if err != nil {
++        return nil, err
++    }
++    api := ManagementAPI{session, DefaultPollerInterval, DefaultPollerTimeout}
++    return &api, nil
++}
++
++// NewManagementAPICertData creates an object used to interact with Windows Azure's API.
++// Certificate and private key data are provided through input byte arrays,
++// each containing data in PEM format.
++// http://msdn.microsoft.com/en-us/library/windowsazure/ff800682.aspx
++func NewManagementAPICertData(subscriptionId string, cert, key []byte, location string) (*ManagementAPI, error) {
++    return NewManagementAPICertDataWithRetryPolicy(subscriptionId, cert, key, location, NoRetryPolicy)
++}
++
++// NewManagementAPICertsWithRetryPolicy creates an object used to interact with
++// Windows Azure's API.
++// http://msdn.microsoft.com/en-us/library/windowsazure/ff800682.aspx
++func NewManagementAPICertsWithRetryPolicy(subscriptionId string, certs []tls.Certificate, location string, policy RetryPolicy) (*ManagementAPI, error) {
++    session, err := newX509SessionCerts(subscriptionId, certs, location, policy)
++    if err != nil {
++        return nil, err
++    }
++    api := ManagementAPI{session, DefaultPollerInterval, DefaultPollerTimeout}
++    return &api, nil
++}
++
++// NewManagementAPICerts creates an object used to interact with Windows Azure's API.
++// http://msdn.microsoft.com/en-us/library/windowsazure/ff800682.aspx
++func NewManagementAPICerts(subscriptionId string, certs []tls.Certificate, location string) (*ManagementAPI, error) {
++    return NewManagementAPICertsWithRetryPolicy(subscriptionId, certs, location, NoRetryPolicy)
++}
++
  var operationIDHeaderName = http.CanonicalHeaderKey("x-ms-request-id")
  // getOperationID extracts the Windows Azure operation ID from the headers
 === modified file 'management_base_test.go'
 --- management_base_test.go	2014-03-12 03:56:53 +0000
 +++ management_base_test.go	2014-09-25 02:19:41 +0000
@@ -4,6 +4,7 @@
  package gwacl
  import (
++    "bytes"
      "encoding/base64"
      "encoding/xml"
      "errors"
@@ -207,7 +208,7 @@
      c.Assert(err, IsNil)
+ }
--var testCert = dedent.Dedent(`
++var testKey = []byte(dedent.Dedent(`
      -----BEGIN PRIVATE KEY-----
      MIIBCgIBADANBgkqhkiG9w0BAQEFAASB9TCB8gIBAAIxAKQGQxP1i0VfCWn4KmMP
      taUFn8sMBKjP/9vHnUYdZRvvmoJCA1C6arBUDp8s2DNX+QIDAQABAjBLRqhwN4dU
@@ -216,6 +217,8 @@
      GBW7VXLxbExpgnhb1V97vjQmTfthXQjYAwIYSTEjoFXm4+Bk5xuBh2IidgSeGZaC
      FFY9AhkAsteo31cyQw2xJ80SWrmsIw+ps7Cvt5W9
      -----END PRIVATE KEY-----
++    `[1:]))
++var testCert = []byte(dedent.Dedent(`
      -----BEGIN CERTIFICATE-----
      MIIBDzCByqADAgECAgkAgIBb3+lSwzEwDQYJKoZIhvcNAQEFBQAwFTETMBEGA1UE
      AxQKQEhvc3ROYW1lQDAeFw0xMzA3MTkxNjA1NTRaFw0yMzA3MTcxNjA1NTRaMBUx
@@ -224,20 +227,20 @@
      AAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADMQABKfn08tKfzzqMMD2w
      PI2fs3bw5bRH8tmGjrsJeEdp9crCBS8I3hKcxCkTTRTowdY=
      -----END CERTIFICATE-----
--    `[1:])
++    `[1:]))
++var testCertKey = bytes.Join([][]byte{testKey, testCert}, []byte{})
  func (suite *managementBaseAPISuite) TestNewManagementAPI(c *C) {
      subscriptionId := "subscriptionId"
      certDir := c.MkDir()
      certFile := certDir + "/cert.pem"
--    err := ioutil.WriteFile(certFile, []byte(testCert), 0600)
++    err := ioutil.WriteFile(certFile, testCertKey, 0600)
      c.Assert(err, IsNil)
      api, err := NewManagementAPI(subscriptionId, certFile, "West US")
      c.Assert(err, IsNil)
      c.Assert(api.session.subscriptionId, DeepEquals, subscriptionId)
--    c.Assert(api.session.certFile, DeepEquals, certFile)
      c.Assert(api.session.retryPolicy, DeepEquals, NoRetryPolicy)
+ }
@@ -245,7 +248,7 @@
      subscriptionId := "subscriptionId"
      certDir := c.MkDir()
      certFile := certDir + "/cert.pem"
--    err := ioutil.WriteFile(certFile, []byte(testCert), 0600)
++    err := ioutil.WriteFile(certFile, testCertKey, 0600)
      c.Assert(err, IsNil)
      retryPolicy := RetryPolicy{NbRetries: 5, HttpStatusCodes: []int{409}, Delay: time.Minute}
@@ -253,7 +256,28 @@
      c.Assert(err, IsNil)
      c.Assert(api.session.subscriptionId, DeepEquals, subscriptionId)
--    c.Assert(api.session.certFile, DeepEquals, certFile)
++    c.Assert(api.session.retryPolicy, DeepEquals, retryPolicy)
++    c.Assert(api.GetRetryPolicy(), DeepEquals, retryPolicy)
++}
++
++func (suite *managementBaseAPISuite) TestNewManagementAPICertData(c *C) {
++    subscriptionId := "subscriptionId"
++
++    api, err := NewManagementAPICertData(subscriptionId, testCert, testKey, "West US")
++    c.Assert(err, IsNil)
++
++    c.Assert(api.session.subscriptionId, DeepEquals, subscriptionId)
++    c.Assert(api.session.retryPolicy, DeepEquals, NoRetryPolicy)
++}
++
++func (suite *managementBaseAPISuite) TestNewManagementAPICertDataWithRetryPolicy(c *C) {
++    subscriptionId := "subscriptionId"
++    retryPolicy := RetryPolicy{NbRetries: 5, HttpStatusCodes: []int{409}, Delay: time.Minute}
++
++    api, err := NewManagementAPICertDataWithRetryPolicy(subscriptionId, testCert, testKey, "West US", retryPolicy)
++    c.Assert(err, IsNil)
++
++    c.Assert(api.session.subscriptionId, DeepEquals, subscriptionId)
      c.Assert(api.session.retryPolicy, DeepEquals, retryPolicy)
      c.Assert(api.GetRetryPolicy(), DeepEquals, retryPolicy)
+ }
 === modified file 'x509session.go'
 --- x509session.go	2014-02-04 08:58:10 +0000
 +++ x509session.go	2014-09-25 02:19:41 +0000
@@ -14,7 +14,6 @@
  type x509Session struct {
      subscriptionId string
--    certFile       string
      client         *http.Client
      baseURL        *url.URL
      retryPolicy    RetryPolicy
@@ -32,13 +31,32 @@
  func newX509Session(subscriptionId, certFile, location string, retryPolicy RetryPolicy) (*x509Session, error) {
      certs := []tls.Certificate{}
      if certFile != "" {
--        //
          cert, err := tls.LoadX509KeyPair(certFile, certFile)
          if err != nil {
              return nil, err
+         }
          certs = append(certs, cert)
+     }
++    return newX509SessionCerts(subscriptionId, certs, location, retryPolicy)
++}
++
++// newX509SessionCertData creates and returns a new x509Session based on credentials
++// and X509 certificate byte arrays.
++func newX509SessionCertData(subscriptionId string, cert, key []byte, location string, retryPolicy RetryPolicy) (*x509Session, error) {
++    certs := []tls.Certificate{}
++    if cert != nil && key != nil {
++        cert, err := tls.X509KeyPair(cert, key)
++        if err != nil {
++            return nil, err
++        }
++        certs = append(certs, cert)
++    }
++    return newX509SessionCerts(subscriptionId, certs, location, retryPolicy)
++}
++
++// newX509SessionCerts creates and returns a new x509Session based on credentials
++// and X509 certificate files.
++func newX509SessionCerts(subscriptionId string, certs []tls.Certificate, location string, retryPolicy RetryPolicy) (*x509Session, error) {
      client := http.Client{
          Transport: &http.Transport{
              TLSClientConfig: &tls.Config{
@@ -66,7 +84,6 @@
      session := x509Session{
          subscriptionId: subscriptionId,
--        certFile:       certFile,
          client:         &client,
          baseURL:        baseURL,
          retryPolicy:    retryPolicy,