The nova.keymgr.barbican Module
Key manager implementation for Barbican

class BarbicanKeyManager
Bases: nova.keymgr.key_mgr.KeyManager
Key Manager Interface that wraps the Barbican client API.

copy_key(ctxt, key_id)
Copies (i.e., clones) a key stored by barbican.
Parameters:
- ctxt – contains information of the user and the environment for the request (nova/context.py)
- key_id – the UUID of the key to copy
Returns: the UUID of the key copy
Raises: Exception – if key copying fails

create_key(ctxt, expiration=None, name='Nova Compute Key', payload_content_type='application/octet-stream', mode='CBC', algorithm='AES', length=256)
Creates a key.
Parameters:
- ctxt – contains information of the user and the environment for the request (nova/context.py)
- expiration – the date the key will expire
- name – a friendly name for the secret
- payload_content_type – the format/type of the secret data
- mode – the algorithm mode (e.g. CBC or CTR mode)
- algorithm – the algorithm associated with the secret
- length – the bit length of the secret
Returns: the UUID of the new key
Raises: Exception – if key creation fails

delete_key(ctxt, key_id)
Deletes the specified key.
Parameters:
- ctxt – contains information of the user and the environment for the request (nova/context.py)
- key_id – the UUID of the key to delete
Raises: Exception – if key deletion fails

get_key(ctxt, key_id, payload_content_type='application/octet-stream')
Retrieves the specified key.
Parameters:
- ctxt – contains information of the user and the environment for the request (nova/context.py)
- key_id – the UUID of the key to retrieve
- payload_content_type – the format/type of the secret data
Returns: SymmetricKey representation of the key
Raises: Exception – if key retrieval fails

store_key(ctxt, key, expiration=None, name='Nova Compute Key', payload_content_type='application/octet-stream', payload_content_encoding='base64', algorithm='AES', bit_length=256, mode='CBC', from_copy=False)
Stores (i.e., registers) a key with the key manager.
Parameters:
- ctxt – contains information of the user and the environment for the request (nova/context.py)
- key – the unencrypted secret data, known as the “payload” in the barbicanclient API
- expiration – the expiration time of the secret in ISO 8601 format
- name – a friendly name for the key
- payload_content_type – the format/type of the secret data
- payload_content_encoding – the encoding of the secret data
- algorithm – the algorithm associated with this secret key
- bit_length – the bit length of this secret key
- mode – the algorithm mode used with this secret key
- from_copy – indicates whether the function is being used to copy a key; if it is, the function does not try to decode the key
Returns: the UUID of the stored key
Raises: Exception – if key storage fails
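
The following is an added example, not part of Nova or of this page's original content: a pre-flight check that the metadata documented for store_key (algorithm, bit_length, expiration) agrees with the key material before the key is registered. The names check_store_key_args and base64_payload are hypothetical, and the code assumes the key is available as raw bytes and that an expiration timestamp without an offset means UTC.

```python
import base64
from datetime import datetime, timezone

AES_BIT_LENGTHS = {128, 192, 256}  # the key sizes defined for AES


def check_store_key_args(key_bytes, expiration=None, algorithm='AES',
                         bit_length=256, now=None):
    """Hypothetical helper: return a list of problems (empty means consistent)."""
    problems = []
    if algorithm.upper() == 'AES' and bit_length not in AES_BIT_LENGTHS:
        problems.append('AES has no %d-bit key size' % bit_length)
    # Metadata that overstates the key size hides a weaker key from audits.
    if len(key_bytes) * 8 != bit_length:
        problems.append('payload is %d bits, metadata says %d'
                        % (len(key_bytes) * 8, bit_length))
    if expiration is not None:
        now = now or datetime.now(timezone.utc)
        try:
            expires = datetime.fromisoformat(expiration)
        except ValueError:
            problems.append('expiration is not ISO 8601: %r' % expiration)
        else:
            if expires.tzinfo is None:  # assumption: naive timestamps are UTC
                expires = expires.replace(tzinfo=timezone.utc)
            if expires <= now:
                problems.append('expiration is already in the past')
    return problems


def base64_payload(key_bytes):
    """Encode raw key bytes as the text a 'base64' content encoding implies."""
    return base64.b64encode(key_bytes).decode('ascii')


# Constructed sample input: a fixed 32-byte pattern, never a real key.
SAMPLE_KEY = bytes(range(32))
FIXED_NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)

if __name__ == '__main__':
    print(check_store_key_args(SAMPLE_KEY, '2031-01-01T00:00:00+00:00',
                               now=FIXED_NOW))
    print(check_store_key_args(SAMPLE_KEY[:16], '2029-06-01T00:00:00',
                               now=FIXED_NOW))
    print(base64_payload(SAMPLE_KEY))
```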