def delete_key(self, ctxt, key_id, **kwargs):
    """Reject deletion requests; the managed key is never removed.

    :param ctxt: the caller's context; must not be None
    :param key_id: id of the key the caller wants deleted
    :raises NotAuthorized: if ctxt is None
    :raises KeyManagerError: if key_id is not this manager's key id
    """
    # Authorization here is only "a context was supplied".
    if ctxt is None:
        raise exception.NotAuthorized()

    # Only the single id held by this manager is recognised.
    if key_id != self.key_id:
        raise exception.KeyManagerError(
            reason="cannot delete non-existent key")

    # A matching id is deliberately left in place; the request only leaves
    # a warning in the log, so callers must not assume the key is gone.
    LOG.warning(_LW("Not deleting key %s"), key_id)
def store_key(self, ctxt, key, **kwargs):
    """Register a key with the key manager and return its id.

    Only the key this manager itself produces is accepted; anything else is
    refused.

    :param ctxt: the caller's context; must not be None
    :param key: the key object to register
    :return: this manager's key id
    :raises NotAuthorized: if ctxt is None
    :raises KeyManagerError: if key differs from the manager's own key
    """
    if ctxt is None:
        raise exception.NotAuthorized()

    # NOTE(review): this compares key material with the key type's own
    # inequality operator; whether that comparison is constant-time depends
    # on the key class, which is not visible here -- confirm if timing
    # matters for this deployment.
    managed_key = self._generate_key()
    if key != managed_key:
        raise exception.KeyManagerError(
            reason="cannot store arbitrary keys")

    return self.key_id
def create_key(self, ctxt, **kwargs):
    """Return the id of the key handed out for a create request.

    No new key is generated by this method: every call returns the same
    ``self.key_id``.

    :param ctxt: the caller's context; must not be None
    :return: this manager's key id
    :raises NotAuthorized: if ctxt is None
    """
    # NOTE(review): since get_key() resolves this one id to
    # self._generate_key(), all callers appear to share a single key --
    # confirm that is acceptable wherever this manager is configured.
    if ctxt is not None:
        return self.key_id

    raise exception.NotAuthorized()
def get_key(self, ctxt, key_id, **kwargs):
    """Return the key for the given id.

    Only this manager's own key id is known; the key returned for it is
    whatever ``self._generate_key()`` produces.

    :param ctxt: the caller's context; must not be None
    :param key_id: id of the key to fetch
    :return: the key associated with key_id
    :raises NotAuthorized: if ctxt is None
    :raises KeyError: if key_id is not this manager's key id
    """
    # The only access check is that some context was supplied; any caller
    # holding a context and the id receives the key material.
    if ctxt is None:
        raise exception.NotAuthorized()

    if key_id != self.key_id:
        raise KeyError(key_id)

    return self._generate_key()
def _get_barbican_client(self, ctxt):
    """Return a Barbican client authenticated with the caller's token.

    The client is built from the context's auth token and project id and is
    cached on the instance together with the context it was built for.

    :param ctxt: the user context for authentication
    :return: a Barbican Client object
    :raises NotAuthorized: if ctxt is None (or otherwise falsy)
    :raises KeyManagerError: if ctxt has no project_id or it is None
    """
    # Without a context there is no identity to act for.
    if not ctxt:
        msg = _("User is not authorized to use key manager.")
        LOG.error(msg)
        raise exception.NotAuthorized(msg)

    # The token is scoped to a project below, so a project id is mandatory.
    if not hasattr(ctxt, 'project_id') or ctxt.project_id is None:
        msg = _("Unable to create Barbican Client without project_id.")
        LOG.error(msg)
        raise exception.KeyManagerError(msg)

    # Reuse the cached client only for the context it was created with.
    # NOTE(review): the cached client carries that context's token, so this
    # equality test is what keeps one caller from receiving another
    # caller's client -- confirm how the context type defines equality.
    if self._barbican_client and self._current_context == ctxt:
        return self._barbican_client

    try:
        token_auth = identity.v3.Token(
            auth_url=CONF.storage_keymgr.encryption_auth_url,
            token=ctxt.auth_token,
            project_id=ctxt.project_id)
        keystone_session = session.Session(auth=token_auth)
        self._barbican_client = barbican_client.Client(
            session=keystone_session,
            endpoint=self._barbican_endpoint)
        # Remember which context the cached client belongs to.
        self._current_context = ctxt
    except Exception:
        # Log with traceback, then let the original exception propagate.
        with excutils.save_and_reraise_exception():
            LOG.exception(_LE("Error creating Barbican client."))

    return self._barbican_client
def copy_key(self, ctxt, key_id, **kwargs):
    """Return the id to use for a copy of the given key.

    No copy is made here: the manager's own key id is returned.

    :param ctxt: the caller's context; must not be None
    :param key_id: id of the key to copy (not inspected by this method)
    :return: this manager's key id
    :raises NotAuthorized: if ctxt is None
    """
    # NOTE(review): unlike get_key() and delete_key(), key_id is not
    # compared with self.key_id, so an unknown id is accepted and mapped to
    # the managed key -- confirm this is intended.
    if ctxt is not None:
        return self.key_id

    raise exception.NotAuthorized()