def delete(self, context, key_id): """Represents deleting the key.""" # Confirm context is provided, if not raise forbidden if not context: msg = _("User is not authorized to use key manager.") raise exception.Forbidden(msg) if not key_id: raise exception.KeyManagerError('key identifier not provided') headers = {'X-Vault-Token': self._root_token_id} try: resource_url = self._get_url() + 'v1/secret/' + key_id resp = self._session.delete(resource_url, verify=self._verify_server, headers=headers) except requests.exceptions.Timeout as ex: raise exception.KeyManagerError(six.text_type(ex)) except requests.exceptions.ConnectionError as ex: raise exception.KeyManagerError(six.text_type(ex)) except Exception as ex: raise exception.KeyManagerError(six.text_type(ex)) if resp.status_code in _EXCEPTIONS_BY_CODE: raise exception.KeyManagerError(resp.reason) if resp.status_code == requests.codes['forbidden']: raise exception.Forbidden() if resp.status_code == requests.codes['not_found']: raise exception.ManagedObjectNotFoundError(uuid=key_id)
def delete(self, context, key_id): """Represents deleting the key.""" if not key_id: raise exception.KeyManagerError('key identifier not provided') resp = self._do_http_request(self._session.delete, self._get_resource_url(key_id)) if resp.status_code == requests.codes['not_found']: raise exception.ManagedObjectNotFoundError(uuid=key_id)
def test_ensure_vtpm_secret_error(self, mock_get_manager): """Check behavior when we fail to retrieve a secret via castellan. We should bubble up the error. """ instance = objects.Instance() instance.system_metadata = {'vtpm_secret_uuid': uuids.vtpm} mock_get_manager.return_value.get.side_effect = ( castellan_exception.ManagedObjectNotFoundError(uuid=uuids.vtpm)) self.assertRaises(castellan_exception.ManagedObjectNotFoundError, crypto.ensure_vtpm_secret, self.ctxt, instance)
def get(self, context, key_id, metadata_only=False): """Retrieves the key identified by the specified id.""" # Confirm context is provided, if not raise forbidden if not context: msg = _("User is not authorized to use key manager.") raise exception.Forbidden(msg) if not key_id: raise exception.KeyManagerError('key identifier not provided') headers = {'X-Vault-Token': self._root_token_id} try: resource_url = self._get_url() + 'v1/secret/' + key_id resp = self._session.get(resource_url, verify=self._verify_server, headers=headers) except requests.exceptions.Timeout as ex: raise exception.KeyManagerError(six.text_type(ex)) except requests.exceptions.ConnectionError as ex: raise exception.KeyManagerError(six.text_type(ex)) except Exception as ex: raise exception.KeyManagerError(six.text_type(ex)) if resp.status_code in _EXCEPTIONS_BY_CODE: raise exception.KeyManagerError(resp.reason) if resp.status_code == requests.codes['forbidden']: raise exception.Forbidden() if resp.status_code == requests.codes['not_found']: raise exception.ManagedObjectNotFoundError(uuid=key_id) record = resp.json()['data'] key = None if metadata_only else binascii.unhexlify(record['value']) clazz = None for type_clazz, type_name in self._secret_type_dict.items(): if type_name == record['type']: clazz = type_clazz if clazz is None: raise exception.KeyManagerError("Unknown type : %r" % record['type']) if hasattr(clazz, 'algorithm') and hasattr(clazz, 'bit_length'): return clazz(record['algorithm'], record['bit_length'], key, record['name'], record['created'], key_id) else: return clazz(key, record['name'], record['created'], key_id)
def delete(self, context, key_id): """Represents deleting the key.""" # Confirm context is provided, if not raise forbidden if not context: msg = _("User is not authorized to use key manager.") raise exception.Forbidden(msg) if not key_id: raise exception.KeyManagerError('key identifier not provided') resp = self._do_http_request(self._session.delete, self._get_resource_url(key_id)) if resp.status_code == requests.codes['not_found']: raise exception.ManagedObjectNotFoundError(uuid=key_id)
def test_delete_vtpm_secret_error(self, mock_get_manager): """Check behavior when we fail to retrieve the secret via castellan. We should carry on and delete the reference from the instance. """ instance = objects.Instance() instance.system_metadata = {'vtpm_secret_uuid': uuids.vtpm} mock_get_manager.return_value.delete.side_effect = ( castellan_exception.ManagedObjectNotFoundError(uuid=uuids.vtpm)) with mock.patch.object(instance, 'save') as mock_save: crypto.delete_vtpm_secret(self.ctxt, instance) self.assertNotIn('vtpm_secret_uuid', instance.system_metadata) mock_save.assert_called_once() mock_get_manager.assert_called_once() mock_get_manager.return_value.delete.assert_called_once_with( self.ctxt, uuids.vtpm, )
def get(self, context, managed_object_id): """Retrieves the specified managed object. :param context: contains information of the user and the environment for the request (castellan/context.py) :param managed_object_id: the UUID of the object to retrieve :return: ManagedObject representation of the managed object :raises KeyManagerError: if object retrieval fails :raises ManagedObjectNotFoundError: if object not found """ try: secret = self._get_secret(context, managed_object_id) return self._get_castellan_object(secret) except (barbican_exceptions.HTTPAuthError, barbican_exceptions.HTTPClientError, barbican_exceptions.HTTPServerError) as e: LOG.error(_LE("Error retrieving object: %s"), e) if self._is_secret_not_found_error(e): raise exception.ManagedObjectNotFoundError( uuid=managed_object_id) else: raise exception.KeyManagerError(reason=e)
def get(self, context, key_id, metadata_only=False): """Retrieves the key identified by the specified id.""" if not key_id: raise exception.KeyManagerError('key identifier not provided') resp = self._do_http_request(self._session.get, self._get_resource_url(key_id)) if resp.status_code == requests.codes['not_found']: raise exception.ManagedObjectNotFoundError(uuid=key_id) record = resp.json()['data'] if self._get_api_version() != '1': record = record['data'] key = None if metadata_only else binascii.unhexlify(record['value']) clazz = None for type_clazz, type_name in self._secret_type_dict.items(): if type_name == record['type']: clazz = type_clazz if clazz is None: raise exception.KeyManagerError( "Unknown type : %r" % record['type']) if hasattr(clazz, 'algorithm') and hasattr(clazz, 'bit_length'): return clazz(record['algorithm'], record['bit_length'], key, record['name'], record['created'], key_id) else: return clazz(key, record['name'], record['created'], key_id)
def delete(self, context, managed_object_id): """Deletes the specified managed object. :param context: contains information of the user and the environment for the request (castellan/context.py) :param managed_object_id: the UUID of the object to delete :raises KeyManagerError: if object deletion fails :raises ManagedObjectNotFoundError: if the object could not be found """ barbican_client = self._get_barbican_client(context) try: secret_ref = self._create_secret_ref(managed_object_id) barbican_client.secrets.delete(secret_ref) except (barbican_exceptions.HTTPAuthError, barbican_exceptions.HTTPClientError, barbican_exceptions.HTTPServerError) as e: LOG.error("Error deleting object: %s", e) if self._is_secret_not_found_error(e): raise exception.ManagedObjectNotFoundError( uuid=managed_object_id) else: raise exception.KeyManagerError(reason=e)