Key manager implementation for Barbican
-
class BarbicanKeyManager
Bases: cinder.keymgr.key_mgr.KeyManager
Key Manager Interface that wraps the Barbican client API.
-
copy_key(ctxt, key_id)
Copies (i.e., clones) a key stored by barbican.
| Parameters: |
- ctxt – contains information of the user and the environment for
the request (cinder/context.py)
- key_id – the UUID of the key to copy
|
|---|
| Returns: | the UUID of the key copy
|
|---|
| Throws Exception: |
|---|
| | if key copying fails
|
-
create_key(ctxt, expiration=None, name='Cinder Volume Key', payload_content_type='application/octet-stream', mode='CBC', algorithm='AES', length=256)
Creates a key.
| Parameters: |
- ctxt – contains information of the user and the environment
for the request (cinder/context.py)
- expiration – the date the key will expire
- name – a friendly name for the secret
- payload_content_type – the format/type of the secret data
- mode – the algorithm mode (e.g. CBC or CTR mode)
- algorithm – the algorithm associated with the secret
- length – the bit length of the secret
|
|---|
| Returns: | the UUID of the new key
|
|---|
| Throws Exception: |
|---|
| | if key creation fails
|
-
delete_key(ctxt, key_id)
Deletes the specified key.
| Parameters: |
- ctxt – contains information of the user and the environment for
the request (cinder/context.py)
- key_id – the UUID of the key to delete
|
|---|
| Throws Exception: |
|---|
| | if key deletion fails
|
-
get_key(ctxt, key_id, payload_content_type='application/octet-stream')
Retrieves the specified key.
| Parameters: |
- ctxt – contains information of the user and the environment for
the request (cinder/context.py)
- key_id – the UUID of the key to retrieve
- payload_content_type – The format/type of the secret data
|
|---|
| Returns: | SymmetricKey representation of the key
|
|---|
| Throws Exception: |
|---|
| | if key retrieval fails
|
-
store_key(ctxt, key, expiration=None, name='Cinder Volume Key', payload_content_type='application/octet-stream', payload_content_encoding='base64', algorithm='AES', bit_length=256, mode='CBC', from_copy=False)
Stores (i.e., registers) a key with the key manager.
| Parameters: |
- ctxt – contains information of the user and the environment for
the request (cinder/context.py)
- key – the unencrypted secret data. Known as “payload” to the
barbicanclient api
- expiration – the expiration time of the secret in ISO 8601
format
- name – a friendly name for the key
- payload_content_type – the format/type of the secret data
- payload_content_encoding – the encoding of the secret data
- algorithm – the algorithm associated with this secret key
- bit_length – the bit length of this secret key
- mode – the algorithm mode used with this secret key
- from_copy – establishes whether the function is being used
to copy a key. In case of the latter, it does not
try to decode the key
|
|---|
| Returns: | the UUID of the stored key
|
|---|
| Throws Exception: |
|---|
| | if key storage fails
|