def on_get(self, external_project_id, **kwargs):
if controllers.is_json_request_accept(pecan.request):
resp = self._on_get_secret_metadata(self.secret, **kwargs)
LOG.info('Retrieved secret metadata for project: %s',
external_project_id)
return resp
else:
LOG.warning(
'Decrypted secret %s requested using deprecated '
'API call.', self.secret.id)
return self._on_get_secret_payload(self.secret,
external_project_id, **kwargs)
def on_get(self, external_project_id, **kwargs):
if controllers.is_json_request_accept(pecan.request):
resp = self._on_get_secret_metadata(self.secret, **kwargs)
LOG.info(u._LI('Retrieved secret metadata for project: %s'),
external_project_id)
return resp
else:
LOG.warning(u._LW('Decrypted secret %s requested using deprecated '
'API call.'), self.secret.id)
return self._on_get_secret_payload(self.secret,
external_project_id,
**kwargs)
def on_get(self, external_project_id, **kwargs):
secret = self.repos.secret_repo.get(
entity_id=self.secret_id,
external_project_id=external_project_id,
suppress_exception=True)
if not secret:
_secret_not_found()
if controllers.is_json_request_accept(pecan.request):
return self._on_get_secret_metadata(secret, **kwargs)
else:
return self._on_get_secret_payload(secret, external_project_id,
**kwargs)
def on_get(self, external_project_id, **kwargs):
if controllers.is_json_request_accept(pecan.request):
resp = self._on_get_secret_metadata(self.secret, **kwargs)
LOG.info('Retrieved secret metadata for project: %s',
external_project_id)
if versions.is_supported(pecan.request, max_version='1.0'):
# NOTE(xek): consumers are being introduced in 1.1
del resp['consumers']
return resp
else:
LOG.warning(
'Decrypted secret %s requested using deprecated '
'API call.', self.secret.id)
return self._on_get_secret_payload(self.secret,
external_project_id, **kwargs)
def index(self, keystone_id, **kwargs):
secret = self.repos.secret_repo.get(entity_id=self.secret_id,
keystone_id=keystone_id,
suppress_exception=True)
if not secret:
_secret_not_found()
if controllers.is_json_request_accept(pecan.request):
# Metadata-only response, no secret retrieval is necessary.
pecan.override_template('json', 'application/json')
secret_fields = putil.mime_types.augment_fields_with_content_types(
secret)
transport_key_needed = kwargs.get('transport_key_needed',
'false').lower() == 'true'
if transport_key_needed:
transport_key_id = plugin.get_transport_key_id_for_retrieval(
secret)
if transport_key_id is not None:
secret_fields['transport_key_id'] = transport_key_id
return hrefs.convert_to_hrefs(secret_fields)
else:
project = res.get_or_create_project(keystone_id,
self.repos.project_repo)
pecan.override_template('', pecan.request.accept.header_value)
transport_key = None
twsk = kwargs.get('trans_wrapped_session_key', None)
if twsk is not None:
transport_key_id = kwargs.get('transport_key_id', None)
if transport_key_id is None:
_request_has_twsk_but_no_transport_key_id()
transport_key_model = self.repos.transport_key_repo.get(
entity_id=transport_key_id,
suppress_exception=True)
transport_key = transport_key_model.transport_key
return plugin.get_secret(pecan.request.accept.header_value,
secret,
project,
self.repos,
twsk,
transport_key)
def index(self, keystone_id):
secret = self.repo.get(entity_id=self.secret_id,
keystone_id=keystone_id,
suppress_exception=True)
if not secret:
_secret_not_found()
if controllers.is_json_request_accept(pecan.request):
# Metadata-only response, no decryption necessary.
pecan.override_template('json', 'application/json')
secret_fields = mime_types.augment_fields_with_content_types(
secret)
return hrefs.convert_to_hrefs(keystone_id, secret_fields)
else:
tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo)
pecan.override_template('', pecan.request.accept.header_value)
return self.crypto_manager.decrypt(
pecan.request.accept.header_value,
secret,
tenant
)
def index(self, keystone_id):
secret = self.repo.get(entity_id=self.secret_id,
keystone_id=keystone_id,
suppress_exception=True)
if not secret:
_secret_not_found()
if controllers.is_json_request_accept(pecan.request):
# Metadata-only response, no decryption necessary.
pecan.override_template('json', 'application/json')
secret_fields = mime_types.augment_fields_with_content_types(
secret)
return hrefs.convert_to_hrefs(keystone_id, secret_fields)
else:
tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo)
pecan.override_template('', pecan.request.accept.header_value)
return self.crypto_manager.decrypt(
pecan.request.accept.header_value,
secret,
tenant
)
