barbicanclient.client.
Client
¶Barbican client used to interact with barbican service.
Parameters: |
|
---|
barbicanclient.v1.secrets.
SecretManager
(api)¶Entity Manager for Secret entities
create
(name=None, payload=None, payload_content_type=None, payload_content_encoding=None, algorithm=None, bit_length=None, secret_type=None, mode=None, expiration=None)¶Factory method for creating new Secret objects
Secrets returned by this method have not yet been stored in the Barbican service.
Parameters: |
|
---|---|
Returns: | A new Secret object |
Return type: | |
Raises: |
|
delete
(secret_ref)¶Delete a Secret from Barbican
Parameters: | secret_ref – Full HATEOAS reference to a Secret, or a UUID |
---|---|
Raises: |
|
get
(secret_ref, payload_content_type=None)¶Retrieve an existing Secret from Barbican
Parameters: |
|
---|---|
Returns: | Secret object retrieved from Barbican |
Return type: | |
Raises: |
|
list
(limit=10, offset=0, name=None, algorithm=None, mode=None, bits=0, secret_type=None, created=None, updated=None, expiration=None, sort=None)¶List Secrets for the project
This method uses the limit and offset parameters for paging, and also supports filtering.
The time filters (created, updated, and expiration) are expected to be an ISO 8601 formatted string, which can be prefixed with comparison operators: ‘gt:’ (greater-than), ‘gte:’ (greater-than-or-equal), ‘lt:’ (less-than), or ‘lte’: (less-than-or-equal).
Parameters: |
|
---|---|
Returns: | list of Secret objects that satisfy the provided filter criteria. |
Return type: | list |
Raises: |
|
update
(secret_ref, payload=None)¶Update an existing Secret in Barbican
Parameters: |
|
---|---|
Raises: |
|
barbicanclient.v1.secrets.
Secret
(api, name=None, expiration=None, algorithm=None, bit_length=None, mode=None, payload=None, payload_content_type=None, payload_content_encoding=None, secret_ref=None, created=None, updated=None, content_types=None, status=None, secret_type=None, creator_id=None)¶Secrets managed by Barbican
Secrets represent keys, credentials, and other sensitive data that is stored by the Barbican service.
Secret objects should not be instantiated directly.
You should use the create or get methods of the
barbicanclient.secrets.SecretManager
instead.
acls
¶Get ACL settings for this secret.
delete
()¶Deletes the Secret from Barbican
payload
¶Lazy-loaded property that holds the unencrypted data
store
()¶Stores the Secret in Barbican.
New Secret objects are not persisted in Barbican until this method is called.
Raises: | PayloadException |
---|
update
()¶Updates the secret in Barbican.
barbicanclient.v1.orders.
OrderManager
(api)¶Entity Manager for Order entitites
create_asymmetric
(name=None, algorithm=None, bit_length=None, pass_phrase=None, payload_content_type=None, expiration=None)¶Factory method for AsymmetricOrder objects
AsymmetricOrder objects returned by this method have not yet been submitted to the Barbican service.
Parameters: |
|
---|---|
Returns: | AsymmetricOrder |
Return type: | |
Raises: |
|
create_certificate
(name=None, request_type=None, subject_dn=None, source_container_ref=None, ca_id=None, profile=None, request_data=None)¶Factory method for CertificateOrder objects
CertificateOrder objects returned by this method have not yet been submitted to the Barbican service.
Parameters: |
|
---|---|
Returns: | CertificateOrder |
Return type: |
|
create_key
(name=None, algorithm=None, bit_length=None, mode=None, payload_content_type=None, expiration=None)¶Factory method for KeyOrder objects
KeyOrder objects returned by this method have not yet been submitted to the Barbican service.
Parameters: |
|
---|---|
Returns: | KeyOrder |
Return type: | |
Raises: |
|
delete
(order_ref)¶Delete an Order from Barbican
Parameters: | order_ref – Full HATEOAS reference to an Order, or a UUID |
---|
get
(order_ref)¶Retrieve an existing Order from Barbican
Parameters: | order_ref – Full HATEOAS reference to an Order, or a UUID |
---|---|
Returns: | An instance of the appropriate subtype of Order |
Raises: |
|
list
(limit=10, offset=0)¶List Orders for the project
This method uses the limit and offset parameters for paging.
Parameters: |
|
---|---|
Returns: | list of Order objects |
Raises: |
|
barbicanclient.v1.orders.
Order
(api, type, status=None, created=None, updated=None, meta=None, order_ref=None, error_status_code=None, error_reason=None, sub_status=None, sub_status_message=None, creator_id=None)¶Base order object to hold common functionality
This should be considered an abstract class that should not be instantiated directly.
delete
()¶Deletes the Order from Barbican
submit
()¶Submit the Order to Barbican.
New Order objects are not persisted in Barbican until this method is called.
barbicanclient.v1.orders.
KeyOrder
(api, name=None, algorithm=None, bit_length=None, mode=None, expiration=None, payload_content_type=None, status=None, created=None, updated=None, order_ref=None, secret_ref=None, error_status_code=None, error_reason=None, sub_status=None, sub_status_message=None, creator_id=None)¶KeyOrders can be used to request random key material from Barbican
mode
¶Encryption mode being used with this key
The mode could be set to “CBC” for example, when requesting a key that will be used for AES encryption in CBC mode.
barbicanclient.v1.orders.
AsymmetricOrder
(api, name=None, algorithm=None, bit_length=None, mode=None, passphrase=None, pass_phrase=None, expiration=None, payload_content_type=None, status=None, created=None, updated=None, order_ref=None, container_ref=None, error_status_code=None, error_reason=None, sub_status=None, sub_status_message=None, creator_id=None)¶pass_phrase
¶Passphrase to be used for passphrase protected asymmetric keys
barbicanclient.v1.containers.
ContainerManager
(api)¶EntityManager for Container entities
You should use the ContainerManager exposed by the Client and should not need to instantiate your own.
create
(name=None, secrets=None)¶Factory method for Container objects
Container objects returned by this method have not yet been stored in Barbican.
Parameters: |
|
---|---|
Returns: | Container |
Return type: | |
Raises: |
|
create_certificate
(name=None, certificate=None, intermediates=None, private_key=None, private_key_passphrase=None)¶Factory method for CertificateContainer objects
CertificateContainer objects returned by this method have not yet been stored in Barbican.
Parameters: |
|
---|---|
Returns: | CertificateContainer |
Return type: | |
Raises: |
|
create_rsa
(name=None, public_key=None, private_key=None, private_key_passphrase=None)¶Factory method for RSAContainer objects
RSAContainer objects returned by this method have not yet been stored in Barbican.
Parameters: |
|
---|---|
Returns: | RSAContainer |
Return type: | |
Raises: |
|
delete
(container_ref)¶Delete a Container from Barbican
Parameters: | container_ref – Full HATEOAS reference to a Container, or a UUID |
---|---|
Raises: |
|
get
(container_ref)¶Retrieve an existing Container from Barbican
Parameters: | container_ref – Full HATEOAS reference to a Container, or a UUID |
---|---|
Returns: | Container object or a subclass of the appropriate type |
list
(limit=10, offset=0, name=None, type=None)¶List containers for the project.
This method uses the limit and offset parameters for paging.
Parameters: |
|
---|---|
Returns: | list of Container metadata objects |
Raises: |
|
register_consumer
(container_ref, name, url)¶Add a consumer to the container
Parameters: |
|
---|---|
Returns: | A container object per the get() method |
Raises: |
|
remove_consumer
(container_ref, name, url)¶Remove a consumer from the container
Parameters: |
|
---|---|
Raises: |
|
barbicanclient.v1.containers.
Container
(api, name=None, secrets=None, consumers=None, container_ref=None, created=None, updated=None, status=None, secret_refs=None)¶Container is a generic grouping of Secrets
acls
¶Get ACL settings for this container.
delete
()¶Delete container from Barbican
secrets
¶List of Secrets in Containers
store
()¶Store Container in Barbican
barbicanclient.v1.containers.
RSAContainer
(api, name=None, public_key=None, private_key=None, private_key_passphrase=None, consumers=[], container_ref=None, created=None, updated=None, status=None, public_key_ref=None, private_key_ref=None, private_key_passphrase_ref=None)¶private_key
¶Secret containing the Private Key
private_key_passphrase
¶Secret containing the Passphrase
public_key
¶Secret containing the Public Key
barbicanclient.v1.containers.
CertificateContainer
(api, name=None, certificate=None, intermediates=None, private_key=None, private_key_passphrase=None, consumers=[], container_ref=None, created=None, updated=None, status=None, certificate_ref=None, intermediates_ref=None, private_key_ref=None, private_key_passphrase_ref=None)¶certificate
¶Secret containing the certificate
intermediates
¶Secret containing intermediate certificates
private_key
¶Secret containing the private key
private_key_passphrase
¶Secret containing the passphrase
barbicanclient.v1.cas.
CAManager
(api)¶Entity Manager for Secret entities
get
(ca_ref)¶Retrieve an existing CA from Barbican
Parameters: | ca_ref (str) – Full HATEOAS reference to a CA |
---|---|
Returns: | CA object retrieved from Barbican |
Return type: | |
Raises: |
|
list
(limit=10, offset=0, name=None)¶List CAs for the project
This method uses the limit and offset parameters for paging, and also supports filtering.
Parameters: |
|
---|---|
Returns: | list of CA objects that satisfy the provided filter criteria. |
Return type: | list |
Raises: |
|
barbicanclient.v1.cas.
CA
(api, meta=None, expiration=None, plugin_name=None, plugin_ca_id=None, ca_ref=None, created=None, updated=None, status=None, creator_id=None)¶Certificate authority
CAs represent certificate authorities or subCAs with which the Barbican service is configured to interact.
Certificate authority
CA objects should not be instantiated directly. You should use
the create or get methods of the
barbicanclient.cas.CAManager
instead.
barbicanclient.v1.acls.
ACLManager
(api)¶Entity Manager for Secret or Container ACL entities
create
(entity_ref=None, users=None, project_access=None, operation_type='read')¶Factory method for creating ACL entity.
ACL object returned by this method have not yet been stored in Barbican.
Input entity_ref is used to determine whether
ACL object type needs to be barbicanclient.acls.SecretACL
or barbicanclient.acls.ContainerACL
.
Parameters: |
|
---|---|
Returns: | ACL object instance |
Return type: |
|
get
(entity_ref)¶Retrieve existing ACLs for a secret or container found in Barbican
Parameters: | entity_ref (str) – Full HATEOAS reference to a secret or container. |
---|---|
Returns: | ACL entity object instance |
Return type: |
|
Raises: |
|
barbicanclient.v1.acls.
SecretACL
(api, entity_ref, users=None, project_access=None, operation_type='read', created=None, updated=None)¶ACL entity for a secret
Base ACL entity instance for secret or container.
Provide ACL data arguments to set ACL setting for given operation_type.
To add ACL setting for other operation types, use add_operation_acl method.
Parameters: |
|
---|
add_operation_acl
(users=None, project_access=None, operation_type=None, created=None, updated=None)¶Add ACL settings to entity for specific operation type.
If matching operation_type ACL already exists, then it replaces it with new PerOperationACL object using provided inputs. Otherwise it appends new PerOperationACL object to existing per operation ACL list.
This just adds to local entity and have not yet applied these changes to server.
Parameters: |
|
---|
entity_ref
¶Entity URI reference.
entity_uuid
¶Entity UUID
get
(operation_type)¶Get operation specific ACL instance.
Parameters: | operation_type (str) – Type indicating which operation’s ACL |
---|
setting is needed.
load_acls_data
()¶Loads ACL entity from Barbican server using its acl_ref
Clears the existing list of per operation ACL settings if there. Populates current ACL entity with ACL settings received from Barbican server.
Raises: |
|
---|
operation_acls
¶List of operation specific ACL settings.
remove
()¶Remove Barbican ACLs setting defined for a secret or container
Raises: |
|
---|
submit
()¶Submits ACLs for a secret or a container defined in server
In existing ACL case, this overwrites the existing ACL setting with provided inputs. If input users are None or empty list, this will remove existing ACL users if there. If input project_access flag is None, then default project access behavior is enabled.
Returns: | str acl_ref: Full HATEOAS reference to a secret or container ACL. |
---|---|
Raises: |
|
barbicanclient.v1.acls.
ContainerACL
(api, entity_ref, users=None, project_access=None, operation_type='read', created=None, updated=None)¶ACL entity for a container
Base ACL entity instance for secret or container.
Provide ACL data arguments to set ACL setting for given operation_type.
To add ACL setting for other operation types, use add_operation_acl method.
Parameters: |
|
---|
add_operation_acl
(users=None, project_access=None, operation_type=None, created=None, updated=None)¶Add ACL settings to entity for specific operation type.
If matching operation_type ACL already exists, then it replaces it with new PerOperationACL object using provided inputs. Otherwise it appends new PerOperationACL object to existing per operation ACL list.
This just adds to local entity and have not yet applied these changes to server.
Parameters: |
|
---|
entity_ref
¶Entity URI reference.
entity_uuid
¶Entity UUID
get
(operation_type)¶Get operation specific ACL instance.
Parameters: | operation_type (str) – Type indicating which operation’s ACL |
---|
setting is needed.
load_acls_data
()¶Loads ACL entity from Barbican server using its acl_ref
Clears the existing list of per operation ACL settings if there. Populates current ACL entity with ACL settings received from Barbican server.
Raises: |
|
---|
operation_acls
¶List of operation specific ACL settings.
remove
()¶Remove Barbican ACLs setting defined for a secret or container
Raises: |
|
---|
submit
()¶Submits ACLs for a secret or a container defined in server
In existing ACL case, this overwrites the existing ACL setting with provided inputs. If input users are None or empty list, this will remove existing ACL users if there. If input project_access flag is None, then default project access behavior is enabled.
Returns: | str acl_ref: Full HATEOAS reference to a secret or container ACL. |
---|---|
Raises: |
|
barbicanclient.exceptions.
BarbicanException
¶barbicanclient.exceptions.
HTTPAuthError
(message, status_code=401)¶Raised for 401 Unauthorized responses from the server.
barbicanclient.exceptions.
HTTPClientError
(message, status_code=0)¶Raised for 4xx responses from the server.
barbicanclient.exceptions.
HTTPError
(message, status_code=0)¶Base exception for HTTP errors.
barbicanclient.exceptions.
HTTPServerError
(message, status_code=0)¶Raised for 5xx responses from the server.
barbicanclient.exceptions.
PayloadException
¶barbicanclient.exceptions.
UnsupportedVersion
¶User is trying to use an unsupported version of the API.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.