def _do_create_secret(self, secret_args):
"""Using the cache construct, and the barbican client, create a secret
:param secret_args: Dict containing the data for the secret to create
:type secret_args: dict
:returns: Secret reference returned by Barbican
:rtype: str
"""
try:
return cache.lookup_by_payload(self.barbicanclient, **secret_args)
except (barbicanclient.exceptions.HTTPAuthError,
barbicanclient.exceptions.HTTPClientError) as e:
LOG.exception(str(e))
raise errors.BarbicanClientException(code=e.status_code,
details=str(e))
except barbicanclient.exceptions.HTTPServerError as e:
LOG.error(
'Caught %s error from Barbican, likely due to a '
'configuration or deployment issue.', e.__class__.__name__)
raise errors.BarbicanServerException(details=str(e))
except barbicanclient.exceptions.PayloadException as e:
LOG.error(
'Caught %s error from Barbican, because the secret '
'payload type is unsupported.', e.__class__.__name__)
raise errors.BarbicanServerException(details=str(e))
def create_secret(self, secret_doc):
"""Create a secret.
:param secret_doc: Document with ``storagePolicy`` of "encrypted".
:type secret_doc: document.DocumentDict
:returns: Secret reference returned by Barbican
:rtype: str
"""
secret_type, payload = self._base64_encode_payload(secret_doc)
if secret_doc.storage_policy == types.CLEARTEXT:
return payload
# Store secret_ref in database for `secret_doc`.
kwargs = {
'name': secret_doc['metadata']['name'],
'secret_type': secret_type,
'payload': payload
}
LOG.info('Storing encrypted document data in Barbican.')
try:
secret_ref = cache.lookup_by_payload(self.barbicanclient, **kwargs)
except (barbicanclient.exceptions.HTTPAuthError,
barbicanclient.exceptions.HTTPClientError) as e:
LOG.exception(str(e))
raise errors.BarbicanClientException(code=e.status_code,
details=str(e))
except barbicanclient.exceptions.HTTPServerError as e:
LOG.error(
'Caught %s error from Barbican, likely due to a '
'configuration or deployment issue.', e.__class__.__name__)
raise errors.BarbicanServerException(details=str(e))
except barbicanclient.exceptions.PayloadException as e:
LOG.error(
'Caught %s error from Barbican, because the secret '
'payload type is unsupported.', e.__class__.__name__)
raise errors.BarbicanServerException(details=str(e))
return secret_ref
def get_secret(self, secret_ref, src_doc):
"""Get a secret."""
try:
secret = cache.lookup_by_ref(self.barbicanclient, secret_ref)
except (barbicanclient.exceptions.HTTPAuthError,
barbicanclient.exceptions.HTTPClientError) as e:
LOG.exception(str(e))
raise errors.BarbicanClientException(code=e.status_code,
details=str(e))
except (barbicanclient.exceptions.HTTPServerError, ValueError) as e:
LOG.exception(str(e))
raise errors.BarbicanServerException(details=str(e))
payload = secret.payload
if secret.secret_type == 'opaque':
LOG.debug(
'Forcibly base64-decoding original non-string payload '
'for document [%s, %s] %s.', *src_doc.meta)
secret = self._base64_decode_payload(payload)
else:
secret = payload
return secret