def _get_client(self, retry_on_conflict=True):
    """Return a Barbican client authenticated through Keystone.

    When ``retry_on_conflict`` is true, a client already stored on
    ``self._cached_client`` is returned as-is, and a newly built client is
    stored there for later calls. When it is false the cache is neither
    read nor written.

    :param retry_on_conflict: whether the cached client may be reused and
        refreshed.
    :returns: the ``barbican.client.Client`` instance.
    :raises errors.BarbicanException: if building the client fails with
        ``barbican_exc.HTTPAuthError``.
    """
    # Fast path: reuse the client that was built and stored earlier.
    if retry_on_conflict:
        cached = self._cached_client
        if cached is not None:
            return cached

    # TODO(fmontei): Deckhand's configuration file needs to be populated
    # with correct Keystone authentication values as well as the Barbican
    # endpoint URL automatically.
    endpoint = CONF.barbican.api_endpoint
    # Every option in the [keystone_authtoken] group is handed to
    # v3.Password as a keyword argument.
    credentials = dict(CONF.keystone_authtoken)
    keystone_session = session.Session(auth=v3.Password(**credentials))

    try:
        client = barbican.client.Client(endpoint=endpoint,
                                        session=keystone_session)
        # Keep the client around so later calls skip construction and
        # re-authentication.
        if retry_on_conflict:
            self._cached_client = client
    except barbican_exc.HTTPAuthError as exc:
        reason = exc.message
        LOG.exception(reason)
        raise errors.BarbicanException(message=reason, code=exc.status_code)

    return client
def _get_client(self, retry_on_conflict=True):
    """Return a Barbican client authenticated through Keystone.

    The auth plugin is loaded from the ``keystone_authtoken`` configuration
    group. When ``retry_on_conflict`` is true, a client already stored on
    ``self._cached_client`` is returned as-is, and a newly built client is
    stored there for later calls. When it is false the cache is neither
    read nor written.

    :param retry_on_conflict: whether the cached client may be reused and
        refreshed.
    :returns: the ``barbican.client.Client`` instance.
    :raises errors.BarbicanException: if building the client fails with
        ``barbican_exc.HTTPAuthError``; the error text is passed as
        ``details``.
    """
    # Fast path: reuse the client that was built and stored earlier.
    if retry_on_conflict:
        cached = self._cached_client
        if cached is not None:
            return cached

    # TODO(fmontei): Deckhand's configuration file needs to be populated
    # with correct Keystone authentication values as well as the Barbican
    # endpoint URL automatically.
    endpoint = CONF.barbican.api_endpoint
    auth_plugin = loading.load_auth_from_conf_options(
        CONF, 'keystone_authtoken')
    keystone_session = session.Session(auth=auth_plugin)

    try:
        client = barbican.client.Client(endpoint=endpoint,
                                        session=keystone_session)
        # Keep the client around so later calls skip construction and
        # re-authentication.
        if retry_on_conflict:
            self._cached_client = client
    except barbican_exc.HTTPAuthError as exc:
        reason = str(exc)
        LOG.exception(reason)
        raise errors.BarbicanException(details=reason)

    return client
def get_secret(self, secret_ref):
    """Fetch the secret identified by ``secret_ref`` through the client.

    :param secret_ref: reference passed unchanged to ``secrets.get``.
    :returns: whatever ``self.barbicanclient.call("secrets.get", ...)``
        returns.
    :raises errors.BarbicanException: on a Barbican auth, client or server
        HTTP error, or on ``ValueError``; the error text is passed as
        ``details``.
    """
    try:
        secret = self.barbicanclient.call("secrets.get", secret_ref)
    except (barbicanclient.exceptions.HTTPAuthError,
            barbicanclient.exceptions.HTTPClientError,
            barbicanclient.exceptions.HTTPServerError,
            ValueError) as exc:
        # NOTE(review): ValueError is presumably raised for a malformed
        # secret_ref -- confirm against the client library.
        reason = str(exc)
        # The exception text and traceback are written to the service log.
        LOG.exception(reason)
        raise errors.BarbicanException(details=reason)
    return secret
def delete_secret(self, secret_ref):
    """Delete the secret identified by ``secret_ref`` through the client.

    :param secret_ref: reference passed unchanged to ``secrets.delete``.
    :returns: whatever ``self.barbicanclient.call("secrets.delete", ...)``
        returns.
    :raises errors.BarbicanException: on ``HTTPAuthError`` or
        ``HTTPServerError``; the error text is passed as ``details``.
    :raises barbicanclient.exceptions.HTTPClientError: re-raised as-is (as
        laid out here); a 404 is logged as a warning first.
    """
    try:
        # NOTE(felipemonteiro): No cache invalidation is performed here
        # as the only API that invokes this method is DELETE /revisions
        # which also invalidates the entire Barbican cache.
        return self.barbicanclient.call("secrets.delete", secret_ref)
    except (barbicanclient.exceptions.HTTPAuthError,
            barbicanclient.exceptions.HTTPServerError) as e:
        # Auth and server-side failures are logged with traceback and
        # wrapped in the project's own exception type.
        LOG.exception(str(e))
        raise errors.BarbicanException(details=str(e))
    except barbicanclient.exceptions.HTTPClientError as e:
        if e.status_code == 404:
            LOG.warning('Could not delete secret %s because it was not '
                        'found. Assuming it no longer exists.', secret_ref)
        # NOTE(review): the listing lost its indentation, so placing this
        # bare raise at except level is an assumption. As placed, every
        # HTTPClientError -- including the 404 logged above -- still
        # propagates unwrapped to the caller. Confirm against the original
        # file, and confirm callers treat the 404 as "already deleted".
        raise
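def create_secret(self, **kwargs):
    """Create and store a secret, returning it as a snake_case-keyed dict.

    :param kwargs: forwarded unchanged to ``secrets.create``.
    :returns: a dict built from ``secret.to_dict()`` with every key
        converted by ``utils.to_snake_case``.
    :raises errors.BarbicanException: if ``secret.store()`` fails with a
        Barbican auth, client or server HTTP error.
    """
    secret = self.barbicanclient.call("secrets.create", **kwargs)

    try:
        secret.store()
    except (barbicanclient.exceptions.HTTPAuthError,
            barbicanclient.exceptions.HTTPClientError,
            barbicanclient.exceptions.HTTPServerError) as e:
        # NOTE(review): sibling methods in this listing raise with
        # details=str(e); confirm which signature errors.BarbicanException
        # accepts in this revision.
        LOG.exception(e.message)
        raise errors.BarbicanException(message=e.message, code=e.status_code)

    # NOTE(fmontei): The dictionary representation of the Secret object by
    # default has keys that are not snake case -- so make them snake case.
    # A new dict is built instead of popping and re-inserting keys while
    # iterating ``resp.keys()``: on Python 3 that mutates the dict under a
    # live view, which can raise RuntimeError or revisit/skip keys.
    # NOTE(review): confirm whether to_dict() can carry the secret payload;
    # if it can, callers should keep this response out of logs.
    return {
        utils.to_snake_case(key): value
        for key, value in secret.to_dict().items()
    }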