tacker.keymgr.barbican_key_manager module

Key manager implementation for Barbican

class tacker.keymgr.barbican_key_manager.BarbicanKeyManager(auth_url)

Bases: KeyManager

Key Manager Interface that wraps the Barbican client API.

delete(context, managed_object_id)

Deletes the specified managed object.

Parameters:

• context – contains information of the user and the environment for the request

• managed_object_id – the UUID of the object to delete

Raises:

• KeyManagerError – if object deletion fails

• ManagedObjectNotFoundError – if the object could not be found

get(context, managed_object_id, metadata_only=False)

Retrieves the specified managed object.

Parameters:

• context – contains information of the user and the environment for the request

• managed_object_id – the UUID of the object to retrieve

• metadata_only – whether secret data should be included

Returns:

ManagedObject representation of the managed object

Raises:

• KeyManagerError – if object retrieval fails

• ManagedObjectNotFoundError – if object not found

store(context, secret, expiration=None)

Stores a secret with the key manager.

Parameters:

• context – contains information of the user and the environment for the request

• secret – a secret object with unencrypted payload. Known as “secret” to the barbicanclient api

• expiration – the expiration time of the secret in ISO 8601 format

Returns:

the UUID of the stored object

Raises:

KeyManagerError – if object store fails